CVE-2021-44905 — HIGH (8.2)

Vulnerability Description

Incorrect permissions in the Bluetooth Services in the Fortessa FTBTLD Smart Lock as of 12-13-2022 allows a remote attacker to disable the lock via an unauthenticated edit to the lock name.

CVSS Score

8.2

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

HIGH

Affected Products

Vendor	Product	Versions
Cef	Fortessa Ftbtld Firmware	>= 12-13-2022
Cef	Fortessa Ftbtld	-

Related Weaknesses (CWE)

CWE-276

References

https://ashallen.net/fortessa-ftbtld-smart-lock-allows-unauthorized-users-to-chaExploitThird Party Advisory
https://online.fliphtml5.com/fbwgm/fome/#p=20Product
https://ashallen.net/fortessa-ftbtld-smart-lock-allows-unauthorized-users-to-chaExploitThird Party Advisory
https://online.fliphtml5.com/fbwgm/fome/#p=20Product

FAQ

What is CVE-2021-44905?

CVE-2021-44905 is a vulnerability with a CVSS score of 8.2 (HIGH). Incorrect permissions in the Bluetooth Services in the Fortessa FTBTLD Smart Lock as of 12-13-2022 allows a remote attacker to disable the lock via an unauthenticated edit to the lock name.

How severe is CVE-2021-44905?

CVE-2021-44905 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-44905?

Check the references section above for vendor advisories and patch information. Affected products include: Cef Fortessa Ftbtld Firmware, Cef Fortessa Ftbtld.