PT-2023-27127 · Etekcity · Etekcity 3-In-1 Smart Door Lock

Ash Allen

Publicado

2023-08-15

Atualizado

2023-08-22

CVE-2023-39841

CVSS v3.1

4.6

Média

Vetor

AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Etekcity 3-in-1 Smart Door Lock version v1.0

Description The issue is related to missing encryption in the RFID tag of the Etekcity 3-in-1 Smart Door Lock, which allows attackers to create a cloned tag via brief physical proximity to the original device.

Recommendations For Etekcity 3-in-1 Smart Door Lock version v1.0, consider disabling the RFID tag functionality until a patch or fix is available to mitigate the risk of tag cloning.

Exploit

Correção

Missing Encryption of Sensitive Data

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-311

Identificadores relacionados

CVE-2023-39841

Produtos afetados

Etekcity 3-In-1 Smart Door Lock

PT-2023-27127 · Etekcity · Etekcity 3-In-1 Smart Door Lock

CVE-2023-39841

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6