PT-2024-11573 · Nuki · Nuki Bridge V1+2
Published 2024-05-09 · Updated 2024-08-14 · CVE-2022-32509
CVSS v3.1: 8.8 (High)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Nuki Smart Lock versions 3.0 through 3.3.5
Nuki Bridge v1 versions 1.0 through 1.22.0
Nuki Bridge v2 versions 2.0 through 2.13.2
Description
An issue was discovered on certain Nuki Home Solutions devices, where lack of certificate validation on HTTP communications allows attackers to intercept and tamper with data.
Recommendations
For Nuki Smart Lock versions 3.0 through 3.3.5, update to version 3.3.5 or later.
For Nuki Bridge v1 versions 1.0 through 1.22.0, update to version 1.22.0 or later.
For Nuki Bridge v2 versions 2.0 through 2.13.2, update to version 2.13.2 or later.
Fix
Improper Certificate Validation
Affected Products
Nuki Bridge V1
Nuki Bridge V2
Nuki Smart Lock