Vulnerability Description
An issue was discovered on certain Nuki Home Solutions devices. An attacker with physical access to the circuit board could use the SWD debug features to control the execution of code on the processor and debug the firmware, as well as read or alter the content of the internal and external flash memory. This affects Nuki Smart Lock 3.0 before 3.3.5, Nuki Smart Lock 2.0 before 2.12.4, as well as Nuki Bridge v1 before 1.22.0 and v2 before 2.13.2.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://latesthackingnews.com/2022/07/28/multiple-security-flaws-found-in-nuki-s
- https://nuki.io/en/security-updates/
- https://research.nccgroup.com/2022/07/25/technical-advisory-multiple-vulnerabili
- https://www.hackread.com/nuki-smart-locks-vulnerabilities-plethora-attack-option
- https://latesthackingnews.com/2022/07/28/multiple-security-flaws-found-in-nuki-s
- https://nuki.io/en/security-updates/
- https://research.nccgroup.com/2022/07/25/technical-advisory-multiple-vulnerabili
- https://www.hackread.com/nuki-smart-locks-vulnerabilities-plethora-attack-option
FAQ
What is CVE-2022-32506?
CVE-2022-32506 is a vulnerability with a CVSS score of 6.4 (MEDIUM). An issue was discovered on certain Nuki Home Solutions devices. An attacker with physical access to the circuit board could use the SWD debug features to control the execution of code on the processor...
How severe is CVE-2022-32506?
CVE-2022-32506 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-32506?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.