An issue was discovered on certain Nuki Home Solutions devices. Some BLE commands, which should have been designed to be only called from privileged accounts, could also be called from unprivileged accounts. This demonstrates that no access controls were implemented for the different BLE commands across the different accounts. This affects Nuki Smart Lock 3.0 before 3.3.5 and Nuki Smart Lock 2.0 before 2.12.4.
Metrics
Affected Vendors & Products
References
History
Wed, 14 Aug 2024 20:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-284 | |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-14T19:05:28.292Z
Reserved:
Link: CVE-2022-32507
Vulnrichment
Updated: 2024-08-03T07:46:43.472Z
NVD
Status : Awaiting Analysis
Published: 2024-05-14T10:43:41.833
Modified: 2024-08-14T19:35:01.077
Link: CVE-2022-32507
Redhat
No data.