CVE-2022-32510

Published: May 14, 2024Modified: Nov 21, 2024

7.1

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Exploitability: 2.8 / Impact: 4.2

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An issue was discovered on certain Nuki Home Solutions devices. The HTTP API exposed by a Bridge used an unencrypted channel to provide an administrative interface. A token can be easily eavesdropped by a malicious actor to impersonate a legitimate user and gain access to the full set of API endpoints. This affects Nuki Bridge v1 before 1.22.0 and v2 before 2.13.2.

Related CWEs

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (8)

https://latesthackingnews.com/2022/07/28/multiple-security-flaws-found-in-nuki-smart-locks/

Source: cve@mitre.org

https://nuki.io/en/security-updates/

Source: cve@mitre.org

https://research.nccgroup.com/2022/07/25/technical-advisory-multiple-vulnerabilities-in-nuki-smart-locks-cve-2022-32509-cve-2022-32504-cve-2022-32502-cve-2022-32507-cve-2022-32503-cve-2022-32510-cve-2022-32506-cve-2022-32508-cve-2/

Source: cve@mitre.org

https://www.hackread.com/nuki-smart-locks-vulnerabilities-plethora-attack-options/

Source: cve@mitre.org

https://latesthackingnews.com/2022/07/28/multiple-security-flaws-found-in-nuki-smart-locks/

Source: af854a3a-2127-422b-91ae-364da2661108

https://nuki.io/en/security-updates/

Source: af854a3a-2127-422b-91ae-364da2661108

https://research.nccgroup.com/2022/07/25/technical-advisory-multiple-vulnerabilities-in-nuki-smart-locks-cve-2022-32509-cve-2022-32504-cve-2022-32502-cve-2022-32507-cve-2022-32503-cve-2022-32510-cve-2022-32506-cve-2022-32508-cve-2/

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.hackread.com/nuki-smart-locks-vulnerabilities-plethora-attack-options/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.