Ash Allen

**Name of the Vulnerable Software and Affected Versions** Suleve 5-in-1 Smart Door Lock version v1.0 **Description** The issue is related to missing encryption in the RFID tag of the Suleve 5-in-1 Smart Door Lock, which allows attackers to create a cloned tag via brief physical proximity to the original device. **Recommendations** For Suleve 5-in-1 Smart Door Lock version v1.0, consider disabling the RFID tag functionality until a patch or fix is available to mitigate the risk of tag cloning. Additionally, restrict physical access to the device to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Digoo DG-HAMB Smart Home Security System version 1.0 **Description** The issue is related to missing encryption in the RFID tag of the system, allowing attackers to create a cloned tag via brief physical proximity to the original device. This can be exploited to gain unauthorized access. **Recommendations** For Digoo DG-HAMB Smart Home Security System version 1.0, consider disabling the RFID tag functionality until a patch or fix is available to mitigate the risk of cloned tags being created. Restrict physical access to the device to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Etekcity 3-in-1 Smart Door Lock version v1.0 **Description** The issue is related to missing encryption in the RFID tag of the Etekcity 3-in-1 Smart Door Lock, which allows attackers to create a cloned tag via brief physical proximity to the original device. **Recommendations** For Etekcity 3-in-1 Smart Door Lock version v1.0, consider disabling the RFID tag functionality until a patch or fix is available to mitigate the risk of tag cloning.

**Name of the Vulnerable Software and Affected Versions** WAFU Keyless Smart Lock version 1.0 **Description** An issue was discovered that allows attackers to unlock a device via a code replay attack. **Recommendations** For WAFU Keyless Smart Lock version 1.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AGShome Smart Alarm version 1.0 **Description** The issue is related to weak security in the transmitter, allowing attackers to gain full access to the system via a code replay attack. **Recommendations** For AGShome Smart Alarm version 1.0, consider disabling the transmitter until a patch is available to prevent code replay attacks.

**Name of the Vulnerable Software and Affected Versions** Kerui W18 Alarm System version 1.0 **Description** The issue concerns weak security in the 433MHz keyfob of the Kerui W18 Alarm System, allowing attackers to gain full access via a code replay attack. **Recommendations** For Kerui W18 Alarm System version 1.0, consider disabling the 433MHz keyfob functionality until a patch or fix is available to prevent code replay attacks.

**Name of the Vulnerable Software and Affected Versions** Blitzwolf BW-IS22 Smart Home Security Alarm version v1.0 **Description** The issue is related to weak security in the transmitter, allowing attackers to gain full access to the system via a code replay attack. **Recommendations** For Blitzwolf BW-IS22 Smart Home Security Alarm version v1.0, consider implementing additional security measures to prevent code replay attacks, such as enhancing transmitter security or using encryption, until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Digoo DG-HAMB Smart Home Security System version 1.0 **Description** The issue is related to weak security in the transmitter, allowing attackers to gain full access to the system via a code replay attack. **Recommendations** For Digoo DG-HAMB Smart Home Security System version 1.0, consider disabling the transmitter until a patch is available to prevent code replay attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Fortessa FTBTLD Smart Lock (affected versions not specified) **Description** The issue is related to incorrect permissions in the Bluetooth Services of the Fortessa FTBTLD Smart Lock, allowing a remote attacker to disable the lock via an unauthenticated edit to the `lock name`. This can be achieved by modifying the lock name, which does not require proper authentication. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: eGeeTouch 3rd Generation Travel Padlock application for Android (affected versions not specified) Description: An issue was discovered in the eGeeTouch 3rd Generation Travel Padlock application for Android. The lock sends a pairing code before each operation (lock or unlock) activated via the companion app. The code is sent unencrypted, allowing any attacker with the same app (either Android or iOS) to add the lock and take complete control. For successful exploitation, the attacker must be able to touch the lock's power button, and must be able to capture BLE network communication. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.