Levaronsky

**Name of the Vulnerable Software and Affected Versions** Sciener locks (affected versions not specified) **Description** The firmware update mechanism of the locks does not authenticate or validate firmware updates when they are passed through the Bluetooth Low Energy service. An attacker can send a challenge request with a command to prepare for an update, rather than an unlock request, which allows the attacker to compromise the device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.