HIGH · 8.1

CVE-2022-46480

Vulnerability Description

Incorrect Session Management and Credential Re-use in the Bluetooth LE stack of the Ultraloq UL3 2nd Gen Smart Lock Firmware 02.27.0012 allows an attacker to sniff the unlock code and unlock the device whilst within Bluetooth range.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector: ADJACENT_NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: NONE

Affected Products

Vendor | Product | Versions
U-Tec | Ultraloq Ul3 Bt Firmware | 02.27.0012
U-Tec | Ultraloq Ul3 Bt | 2nd_gen

Related Weaknesses (CWE)

References

FAQ

What is CVE-2022-46480?

CVE-2022-46480 is a vulnerability with a CVSS score of 8.1 (HIGH). Incorrect Session Management and Credential Re-use in the Bluetooth LE stack of the Ultraloq UL3 2nd Gen Smart Lock Firmware 02.27.0012 allows an attacker to sniff the unlock code and unlock the device whilst within Bluetooth range.

How severe is CVE-2022-46480?

CVE-2022-46480 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2022-46480?

Check the references section above for vendor advisories and patch information. Affected products include: U-Tec Ultraloq Ul3 Bt Firmware, U-Tec Ultraloq Ul3 Bt.