PT-2024-11568 · Nuki · Nuki Smart Lock+2
Published
2024-05-09
·
Updated
2024-07-03
·
CVE-2022-32504
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Nuki Smart Lock versions 3.0 through 3.3.4
Nuki Smart Lock versions 2.0 through 2.12.3
Nuki Bridge versions 1.0 through 1.21.9
Nuki Bridge versions 2.0 through 2.13.1
Description
An issue was discovered in certain Nuki Home Solutions devices, where the code used to parse JSON objects received from the WebSocket service leads to a stack buffer overflow. This could allow an attacker to gain arbitrary code execution on a KeyTurner device.
Recommendations
For Nuki Smart Lock versions 3.0 through 3.3.4, update to version 3.3.5 or later.
For Nuki Smart Lock versions 2.0 through 2.12.3, update to version 2.12.4 or later.
For Nuki Bridge versions 1.0 through 1.21.9, update to version 1.22.0 or later.
For Nuki Bridge versions 2.0 through 2.13.1, update to version 2.13.2 or later.
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Keyturner
Nuki Bridge
Nuki Smart Lock