Filtered by vendor Sciener
Subscriptions
Total
7 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-7017 | 1 Sciener | 1 Kontrol Lux Firmware | 2025-11-04 | 9.8 Critical |
| Sciener locks' firmware update mechanism do not authenticate or validate firmware updates if passed to the lock through the Bluetooth Low Energy service. A challenge request can be sent to the lock with a command to prepare for an update, rather than an unlock request, allowing an attacker to compromise the device. | ||||
| CVE-2023-7009 | 1 Sciener | 1 Kontrol Lux Firmware | 2025-11-04 | 8.2 High |
| Some Sciener-based locks support plaintext message processing over Bluetooth Low Energy, allowing unencrypted malicious commands to be passed to the lock. These malicious commands, less then 16 bytes in length, will be processed by the lock as if they were encrypted communications. This can be further exploited by an attacker to compromise the lock's integrity. | ||||
| CVE-2023-7006 | 1 Sciener | 1 Kontrol Lux Firmware | 2025-11-04 | 9.1 Critical |
| The unlockKey character in a lock using Sciener firmware can be brute forced through repeated challenge requests, compromising the locks integrity. | ||||
| CVE-2023-7005 | 1 Sciener | 1 Ttlock App | 2025-11-04 | 7.5 High |
| A specially crafted message can be sent to the TTLock App that downgrades the encryption protocol used for communication, and can be utilized to compromise the lock, such as through revealing the unlockKey field. | ||||
| CVE-2023-7004 | 1 Sciener | 1 Ttlock App | 2025-11-04 | 6.5 Medium |
| The TTLock App does not employ proper verification procedures to ensure that it is communicating with the expected device, allowing for connection to a device that spoofs the MAC address of a lock, which compromises the legitimate locks integrity. | ||||
| CVE-2023-7003 | 1 Sciener | 1 Ttlock App | 2025-11-04 | 6.8 Medium |
| The AES key utilized in the pairing process between a lock using Sciener firmware and a wireless keypad is not unique, and can be reused to compromise other locks using the Sciener firmware. | ||||
| CVE-2023-6960 | 1 Sciener | 1 Ttlock App | 2025-11-04 | 7.5 High |
| TTLock App virtual keys and settings are only deleted client side, and if preserved, can access the lock after intended deletion. | ||||
Page 1 of 1.