Vulnerability Details CVE-2021-44905
Incorrect permissions in the Bluetooth Services in the Fortessa FTBTLD Smart Lock as of 12-13-2022 allows a remote attacker to disable the lock via an unauthenticated edit to the lock name.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.6%
CVSS Severity
CVSS v3 Score 8.2
CVSS v2 Score 8.5
References
- https://ashallen.net/fortessa-ftbtld-smart-lock-allows-unauthorized-users-to-change-the-device-name-hilarity-ensues
- https://online.fliphtml5.com/fbwgm/fome/#p=20
- https://ashallen.net/fortessa-ftbtld-smart-lock-allows-unauthorized-users-to-change-the-device-name-hilarity-ensues
- https://online.fliphtml5.com/fbwgm/fome/#p=20
Products affected by CVE-2021-44905
-
cpe:2.3:h:cef:fortessa_ftbtld:-
-
cpe:2.3:o:cef:fortessa_ftbtld_firmware:*