CVE-2022-32507
May 14, 2024, 4:13 p.m.
Tags
Product(s) Impacted
Nuki Smart Lock 3.0
- before 3.3.5
Nuki Smart Lock 2.0
- before 2.12.4
Description
An issue was discovered on certain Nuki Home Solutions devices. Some BLE commands, which should have been designed to be only called from privileged accounts, could also be called from unprivileged accounts. This demonstrates that no access controls were implemented for the different BLE commands across the different accounts. This affects Nuki Smart Lock 3.0 before 3.3.5 and Nuki Smart Lock 2.0 before 2.12.4.
Weaknesses
Date
Published: May 14, 2024, 10:43 a.m.
Last Modified: May 14, 2024, 4:13 p.m.
Status : Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
cve@mitre.org