CVE-2022-36228 — MEDIUM (6.5)

Vulnerability Description

Nokelock Smart padlock O1 Version 5.3.0 is vulnerable to Insecure Permissions. By sending a request, you can add any device and set the device password in the Nokelock app.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Janusintl	Noke Standard Smart Padlock Firmware	5.3.0
Janusintl	Noke Standard Smart Padlock	-
Janusintl	Noke Hd Smart Padlock Firmware	5.3.0
Janusintl	Noke Hd Smart Padlock	-
Janusintl	Noke Hd\+ Smart Padlock Firmware	5.3.0
Janusintl	Noke Hd\+ Smart Padlock	-

Related Weaknesses (CWE)

CWE-862

References

https://gist.github.com/YTrick/59c06611052d3fdae034e7087293bbc0Third Party Advisory
https://gist.github.com/YTrick/59c06611052d3fdae034e7087293bbc0Third Party Advisory

FAQ

What is CVE-2022-36228?

CVE-2022-36228 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Nokelock Smart padlock O1 Version 5.3.0 is vulnerable to Insecure Permissions. By sending a request, you can add any device and set the device password in the Nokelock app.

How severe is CVE-2022-36228?

CVE-2022-36228 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-36228?

Check the references section above for vendor advisories and patch information. Affected products include: Janusintl Noke Standard Smart Padlock Firmware, Janusintl Noke Standard Smart Padlock, Janusintl Noke Hd Smart Padlock Firmware, Janusintl Noke Hd Smart Padlock, Janusintl Noke Hd\+ Smart Padlock Firmware.