CVE-2022-32503

CVSS v3.1

7.6

High

Vector

AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Nuki Keypad versions prior to 1.9.2 Nuki Fob versions prior to 1.8.1

Description An issue was discovered on certain Nuki Home Solutions devices, where an attacker with physical access to the JTAG port may be able to connect to the device and bypass both hardware and software security protections.

Recommendations For Nuki Keypad versions prior to 1.9.2, update to version 1.9.2 or later to resolve the issue. For Nuki Fob versions prior to 1.8.1, update to version 1.8.1 or later to resolve the issue. As a temporary workaround, consider restricting physical access to the JTAG port to minimize the risk of exploitation.

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2022-32503

Affected Products

Nuki Fob

Nuki Keypad

CVE-2022-32503

Weakness Enumeration

Related Identifiers

Affected Products

References · 6