Alexios Mylonas

**Name of the Vulnerable Software and Affected Versions** Yale IA-210 Alarm version 1.0 **Description** The issue is related to weak encryption mechanisms in RFID Tags, allowing attackers to create a cloned tag via physical proximity to the original. **Recommendations** For Yale IA-210 Alarm version 1.0, consider implementing additional security measures to prevent unauthorized access, such as restricting physical proximity to the original tag or using alternative authentication methods until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Yale Conexis L1 version 1.1.0 **Description** The issue is related to weak encryption mechanisms in RFID Tags, allowing attackers to create a cloned tag via physical proximity to the original. **Recommendations** For Yale Conexis L1 version 1.1.0, consider disabling the use of RFID tags until a patch or fix is available to strengthen the encryption mechanisms. Restrict physical access to the original tags to minimize the risk of cloning. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Yale Keyless Lock version v1.0 **Description** The issue is related to weak encryption mechanisms in RFID Tags, which allows attackers to create a cloned tag via physical proximity to the original. **Recommendations** For Yale Keyless Lock version v1.0, consider disabling the RFID tag functionality until a patch or fix is available to strengthen the encryption mechanisms. Restrict physical access to the lock to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Ultraloq UL3 2nd Gen Smart Lock Firmware version 02.27.0012 **Description** The issue is related to incorrect session management and credential re-use in the Bluetooth LE stack, allowing an attacker to sniff the unlock code and unlock the device while within Bluetooth range. This can lead to the disclosure of protected information. **Recommendations** For Ultraloq UL3 2nd Gen Smart Lock Firmware version 02.27.0012, consider disabling the Bluetooth LE functionality until a patch is available to prevent exploitation. Restrict access to the device when not in use to minimize the risk of unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.