mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-31 10:41:19 +00:00
32 lines
1.3 KiB
JSON
32 lines
1.3 KiB
JSON
|
{
|
||
|
|
"id": "CVE-2022-32510",
|
||
|
|
"sourceIdentifier": "cve@mitre.org",
|
||
|
|
"published": "2024-05-14T10:43:42.323",
|
||
|
|
"lastModified": "2024-05-14T10:43:42.323",
|
||
|
|
"vulnStatus": "Received",
|
||
|
|
"descriptions": [
|
||
|
|
{
|
||
|
|
"lang": "en",
|
||
|
|
"value": "An issue was discovered on certain Nuki Home Solutions devices. The HTTP API exposed by a Bridge used an unencrypted channel to provide an administrative interface. A token can be easily eavesdropped by a malicious actor to impersonate a legitimate user and gain access to the full set of API endpoints. This affects Nuki Bridge v1 before 1.22.0 and v2 before 2.13.2."
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"metrics": {},
|
||
|
|
"references": [
|
||
|
|
{
|
||
|
|
"url": "https://latesthackingnews.com/2022/07/28/multiple-security-flaws-found-in-nuki-smart-locks/",
|
||
|
|
"source": "cve@mitre.org"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"url": "https://nuki.io/en/security-updates/",
|
||
|
|
"source": "cve@mitre.org"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"url": "https://research.nccgroup.com/2022/07/25/technical-advisory-multiple-vulnerabilities-in-nuki-smart-locks-cve-2022-32509-cve-2022-32504-cve-2022-32502-cve-2022-32507-cve-2022-32503-cve-2022-32510-cve-2022-32506-cve-2022-32508-cve-2/",
|
||
|
|
"source": "cve@mitre.org"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"url": "https://www.hackread.com/nuki-smart-locks-vulnerabilities-plethora-attack-options/",
|
||
|
|
"source": "cve@mitre.org"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|