CVE-2022-32502

{"id": "CVE-2022-32502", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.8}]}, "published": "2024-05-14T10:43:40.783", "references": [{"url": "https://latesthackingnews.com/2022/07/28/multiple-security-flaws-found-in-nuki-smart-locks/", "source": "cve@mitre.org"}, {"url": "https://nuki.io/en/security-updates/", "source": "cve@mitre.org"}, {"url": "https://research.nccgroup.com/2022/07/25/technical-advisory-multiple-vulnerabilities-in-nuki-smart-locks-cve-2022-32509-cve-2022-32504-cve-2022-32502-cve-2022-32507-cve-2022-32503-cve-2022-32510-cve-2022-32506-cve-2022-32508-cve-2/", "source": "cve@mitre.org"}, {"url": "https://www.hackread.com/nuki-smart-locks-vulnerabilities-plethora-attack-options/", "source": "cve@mitre.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-121"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on certain Nuki Home Solutions devices. There is a buffer overflow over the encrypted token parsing logic in the HTTP service that allows remote code execution. This affects Nuki Bridge v1 before 1.22.0 and v2 before 2.13.2."}, {"lang": "es", "value": "Se ha descubierto un problema en determinados dispositivos de Nuki Home Solutions. Hay un desbordamiento del b\u00fafer sobre la l\u00f3gica de an\u00e1lisis del token cifrado en el servicio HTTP que permite la ejecuci\u00f3n remota de c\u00f3digo. Esto afecta a Nuki Bridge v1 anterior a 1.22.0 y v2 anterior a 2.13.2."}], "lastModified": "2024-07-03T01:38:30.257", "sourceIdentifier": "cve@mitre.org"}