A specially crafted message can be sent to the TTLock App that downgrades the encryption protocol used for communication, and can be utilized to compromise the lock, such as through revealing the unlockKey field.
History

Fri, 20 Dec 2024 18:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 19 Dec 2024 17:45:00 +0000

Type Values Removed Values Added
Description A specially crafted message can be sent to the TTLock App that downgrades the encryption protocol used for communication, and can be utilized to compromise the lock, such as through revealing the unlockKey field.
Title CVE-2023-7005
References

cve-icon MITRE

Status: PUBLISHED

Assigner: certcc

Published: 2024-12-19T17:35:45.594Z

Updated: 2024-12-20T17:47:11.828Z

Reserved: 2023-12-20T14:58:39.182Z

Link: CVE-2023-7005

cve-icon Vulnrichment

Updated: 2024-12-20T17:47:02.718Z

cve-icon NVD

Status : Received

Published: 2024-12-19T18:15:06.313

Modified: 2024-12-20T18:15:25.777

Link: CVE-2023-7005

cve-icon Redhat

No data.