CVE-2022-32510
May 14, 2024, 4:13 p.m.
Tags
Product(s) Impacted
Nuki Bridge
- v1 before 1.22.0
- v2 before 2.13.2
Nuki Bridge v1
- before 1.22.0
Nuki Bridge v2
- before 2.13.2
Description
An issue was discovered on certain Nuki Home Solutions devices. The HTTP API exposed by a Bridge used an unencrypted channel to provide an administrative interface. A token can be easily eavesdropped by a malicious actor to impersonate a legitimate user and gain access to the full set of API endpoints. This affects Nuki Bridge v1 before 1.22.0 and v2 before 2.13.2.
Weaknesses
Date
Published: May 14, 2024, 10:43 a.m.
Last Modified: May 14, 2024, 4:13 p.m.
Status : Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
cve@mitre.org
References
https://latesthackingnews.com/
cve@mitre.org
https://nuki.io/
cve@mitre.org
https://research.nccgroup.com/
cve@mitre.org
https://www.hackread.com/
cve@mitre.org