Nokelock · Nokelock Smart Padlock O1 · CVE-2022-36228
**Name of the Vulnerable Software and Affected Versions**
Nokelock Smart padlock O1 version 5.3.0
**Description**
The issue allows an attacker to send a request and add any device, as well as set the device password in the Nokelock app, due to insecure permissions.
**Recommendations**
For version 5.3.0, consider restricting access to the device password setting functionality in the Nokelock app until a patch is available.
As a temporary workaround, avoid using the Nokelock app to add new devices until the issue is resolved.