Vulnerability Details CVE-2022-46480
Incorrect Session Management and Credential Re-use in the Bluetooth LE stack of the Ultraloq UL3 2nd Gen Smart Lock Firmware 02.27.0012 allows an attacker to sniff the unlock code and unlock the device whilst within Bluetooth range.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 24.8%
CVSS Severity
CVSS v3 Score 8.1
References
- https://arxiv.org/abs/2312.00021
- https://www.researchgate.net/publication/375759408_Technical_Report_-_CVE-2022-46480_CVE-2023-26941_CVE-2023-26942_and_CVE-2023-26943#fullTextFileContent
- https://arxiv.org/abs/2312.00021
- https://www.researchgate.net/publication/375759408_Technical_Report_-_CVE-2022-46480_CVE-2023-26941_CVE-2023-26942_and_CVE-2023-26943#fullTextFileContent
Products affected by CVE-2022-46480
-
cpe:2.3:h:u-tec:ultraloq_ul3_bt:2nd_gen
-
cpe:2.3:o:u-tec:ultraloq_ul3_bt_firmware:02.27.0012