Sciener Kontrol Lux
4 CVEs affecting Sciener Kontrol Lux. Latest disclosed: 2024-03-15. Critical: 2, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-7017 | Critical | 9.8 | 2024-03-15 | Sciener locks' firmware update mechanism does not authenticate or validate firmware updates if passed to the lock through the Bluetooth Low Energy service. A cha… |
| CVE-2023-7006 | Critical | 9.1 | 2024-03-15 | The unlockKey character in a lock using Sciener firmware can be brute forced through repeated challenge requests, compromising the lock's integrity. |
| CVE-2023-7009 | High | 8.2 | 2024-03-15 | Some Sciener-based locks support plaintext message processing over Bluetooth Low Energy, allowing unencrypted malicious commands to be passed to the lock. Thes… |
| CVE-2023-7003 | Medium | 6.8 | 2024-03-15 | The AES key utilized in the pairing process between a lock using Sciener firmware and a wireless keypad is not unique, and can be reused to compromise other lo… |