CVE-2022-32507

May 14, 2024, 4:13 p.m.

Tags

cve@mitre.org
2024-05-14
CVE-2022-32507

Product(s) Impacted

Nuki Smart Lock 3.0

  • before 3.3.5

Nuki Smart Lock 2.0

  • before 2.12.4

Description

An issue was discovered on certain Nuki Home Solutions devices. Some BLE commands, which should have been designed to be only called from privileged accounts, could also be called from unprivileged accounts. This demonstrates that no access controls were implemented for the different BLE commands across the different accounts. This affects Nuki Smart Lock 3.0 before 3.3.5 and Nuki Smart Lock 2.0 before 2.12.4.

Weaknesses

Date

Published: May 14, 2024, 10:43 a.m.

Last Modified: May 14, 2024, 4:13 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

References

https://latesthackingnews.com/2022/07/28/multiple-security-flaws-found-in-nuki-smart-locks/
cve@mitre.org
https://nuki.io/en/security-updates/
cve@mitre.org
https://research.nccgroup.com/2022/07/25/technical-advisory-multiple-vulnerabilities-in-nuki-smart-locks-cve-2022-32509-cve-2022-32504-cve-2022-32502-cve-2022-32507-cve-2022-32503-cve-2022-32510-cve-2022-32506-cve-2022-32508-cve-2/
cve@mitre.org
https://www.hackread.com/nuki-smart-locks-vulnerabilities-plethora-attack-options/
cve@mitre.org