exploitDog

CVE-2019-17627

Опубликовано: 16 окт. 2019

Источник: nvd

CVSS3: 6.5

CVSS2: 3.3

EPSS Низкий

Описание

The Yale Bluetooth Key application for mobile devices allows unauthorized unlock actions by sniffing Bluetooth Low Energy (BLE) traffic during one authorized unlock action, and then calculating the authentication key via simple computations on the hex digits of a valid authentication request. This affects the Yale ZEN-R lock and unspecified other locks.

Ссылки

https://github.com/PwnMonkeyLab/YaleDoorlockVulnerability/blob/master/HowToDo.md
Exploit
Third Party Advisory
https://github.com/PwnMonkeyLab/YaleDoorlockVulnerability/blob/master/HowToDo.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:yalehome:yale_bluetooth_key:-:*:*:*:*:android:*:*

EPSS

Процентиль: 37%

0.00158

Низкий

6.5 Medium

CVSS3

3.3 Low

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-m65f-5cxc-g5pg

CVSS3: 6.5

github

больше 3 лет назад

The Yale Bluetooth Key application for mobile devices allows unauthorized unlock actions by sniffing Bluetooth Low Energy (BLE) traffic during one authorized unlock action, and then calculating the authentication key via simple computations on the hex digits of a valid authentication request. This affects the Yale ZEN-R lock and unspecified other locks.

EPSS

Процентиль: 37%

0.00158

Низкий

6.5 Medium

CVSS3

3.3 Low

CVSS2

Дефекты

CWE-287