CVE-2019-17627

Name of the Vulnerable Software and Affected Versions Yale Bluetooth Key application (affected versions not specified) Yale ZEN-R lock (affected versions not specified)

Description The issue allows unauthorized unlock actions by sniffing Bluetooth Low Energy (BLE) traffic during one authorized unlock action, and then calculating the authentication key via simple computations on the hex digits of a valid authentication request.

Recommendations For the Yale Bluetooth Key application, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For the Yale ZEN-R lock, at the moment, there is no information about a newer version that contains a fix for this vulnerability.