Vulnerability Details CVE-2018-16242
oBike relies on Hangzhou Luoping Smart Locker to lock bicycles, which allows attackers to bypass the locking mechanism by using Bluetooth Low Energy (BLE) to replay ciphertext based on a predictable nonce used in the locking protocol.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 17.7%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 2.9
Products affected by CVE-2018-16242
-
cpe:2.3:a:o.bike:obike-stationless_bike_sharing:2.5.4
-
cpe:2.3:h:o.bike:smart_locker:-
-
cpe:2.3:o:o.bike:smart_locker_firmware:-