PT-2024-15180 · Unknown · Sciener Locks

Idan Strovinsky +3 · Published 2024-03-15 · Updated 2024-08-28 · CVE-2023-7017

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Sciener locks (affected versions not specified)

Description

The firmware update mechanism of the locks does not authenticate or validate firmware updates when they are passed through the Bluetooth Low Energy service. An attacker can send a challenge request with a command to prepare for an update, rather than an unlock request, which allows the attacker to compromise the device.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2023-7017

Affected Products

Sciener Locks