Overview
- Description
- Incorrect Session Management and Credential Re-use in the Bluetooth LE stack of the Ultraloq UL3 2nd Gen Smart Lock Firmware 02.27.0012 allows an attacker to sniff the unlock code and unlock the device whilst within Bluetooth range.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.1
- Impact score
- 5.2
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
- Severity
- HIGH
Weaknesses
- nvd@nist.gov
- CWE-294
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:u-tec:ultraloq_ul3_bt:2nd_gen:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "AF2D1265-D7A7-4F4D-B0BC-DE788C2163A6"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:u-tec:ultraloq_ul3_bt_firmware:02.27.0012:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BA191DAF-E479-4B8D-99BF-2AC6147C4490"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]