Lennert Wouters

**Name of the Vulnerable Software and Affected Versions** dormakaba Saflok system versions prior to November 2023 software update Saflok MT versions prior to November 2023 software update Confidant series versions prior to November 2023 software update Quantum series versions prior to November 2023 software update RT series versions prior to November 2023 software update Saffire series versions prior to November 2023 software update **Description** The issue allows an attacker to unlock arbitrary doors at a property via forged keycards, if the attacker has obtained one active or expired keycard for the specific property. This occurs because the key derivation function relies only on a `UID`. **Recommendations** For dormakaba Saflok system versions prior to November 2023 software update, update to the November 2023 software update or later. For Saflok MT versions prior to November 2023 software update, update to the November 2023 software update or later. For Confidant series versions prior to November 2023 software update, update to the November 2023 software update or later. For Quantum series versions prior to November 2023 software update, update to the November 2023 software update or later. For RT series versions prior to November 2023 software update, update to the November 2023 software update or later. For Saffire series versions prior to November 2023 software update, update to the November 2023 software update or later.

**Name of the Vulnerable Software and Affected Versions** U-Boot (affected versions not specified) **Description** The issue is related to a U-Boot shell vulnerability that results in privilege escalation in a production device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** u-boot (affected versions not specified) **Description** The issue is related to a bug in u-boot that allows for access to the u-boot shell and interrupt over UART. This is caused by a buffer overflow in memory. An attacker could exploit this to bypass secure boot mechanisms. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Motorola-branded Binatone Hubble Cameras (affected versions not specified) Description: An information disclosure issue was reported that could allow an attacker with physical access to obtain the encryption key used to decrypt firmware update packages. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Motorola-branded Binatone Hubble Cameras (affected versions not specified) Description: An issue was found in Motorola-branded Binatone Hubble Cameras where an exposed debug interface could allow an attacker with physical access to gain unauthorized access to the device. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Motorola-branded Binatone Hubble Cameras (affected versions not specified) Description: A buffer overflow was reported in the local web server of the cameras, which could allow an unauthenticated attacker on the same network to perform a denial-of-service attack against the device. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Motorola-branded Binatone Hubble Cameras (affected versions not specified) Description: An information disclosure issue was reported that could allow an unauthenticated attacker on the same subnet to download an encrypted log file containing sensitive information such as WiFi SSID and password. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tesla Model X vehicles before 2020-11-23 **Description** The issue concerns key fobs in Tesla Model X vehicles that accept firmware updates without signature verification, allowing attackers to construct firmware that retrieves an unlock code from a secure enclave chip. **Recommendations** For Tesla Model X vehicles before 2020-11-23, consider disabling the key fob's firmware update functionality until a secure update mechanism is implemented. Restrict access to the key fob to minimize the risk of exploitation. Avoid using the key fob for unlock code retrieval until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tesla Model X vehicles before 2020-11-23 **Description** The issue allows an attacker, who is inside a vehicle or able to send data over the CAN bus, to start and drive the vehicle with a spoofed key fob. This is possible because the vehicles do not perform certificate validation during an attempt to pair a new key fob with the body control module (BCM). **Recommendations** For Tesla Model X vehicles before 2020-11-23, update the software to a version that includes certificate validation for key fob pairing to prevent spoofing attacks.

**Name of the Vulnerable Software and Affected Versions** Tesla Model X vehicles before 2020-11-23 **Description** The key fobs of the affected vehicles rely on five VIN digits for authentication to initiate a Bluetooth wake-up action through the body control module (BCM). The full VIN is visible from outside the vehicle. **Recommendations** For Tesla Model X vehicles before 2020-11-23, consider restricting access to the vehicle's Bluetooth functionality until a fix is applied, as the key fobs' reliance on partial VIN digits for authentication poses a security risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Pektron Passive Keyless Entry and Start (PKES) system (affected versions not specified) **Description** The issue concerns the Pektron Passive Keyless Entry and Start (PKES) system, which is used in vehicles such as the Tesla Model S. The system relies on the DST40 cipher, making it easier for attackers to gain access. The attack involves a precomputation of 5.4 TB, followed by wake-frame reception and two challenge/response operations, allowing attackers to clone a key fob within a few seconds. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.