Описание
oBike relies on Hangzhou Luoping Smart Locker to lock bicycles, which allows attackers to bypass the locking mechanism by using Bluetooth Low Energy (BLE) to replay ciphertext based on a predictable nonce used in the locking protocol.
Ссылки
- ExploitMailing ListThird Party Advisory
- ExploitMailing ListThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:o.bike:smart_locker_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:o.bike:smart_locker:-:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:a:o.bike:obike-stationless_bike_sharing:2.5.4:*:*:*:*:android:*:*
EPSS
Процентиль: 21%
0.00069
Низкий
5.3 Medium
CVSS3
2.9 Low
CVSS2
Дефекты
CWE-294
Связанные уязвимости
CVSS3: 5.3
github
больше 3 лет назад
oBike relies on Hangzhou Luoping Smart Locker to lock bicycles, which allows attackers to bypass the locking mechanism by using Bluetooth Low Energy (BLE) to replay ciphertext based on a predictable nonce used in the locking protocol.
EPSS
Процентиль: 21%
0.00069
Низкий
5.3 Medium
CVSS3
2.9 Low
CVSS2
Дефекты
CWE-294