The following warnings occurred:
Warning [2] Undefined variable $redirect_url - Line: 8 - File: global.php(547) : eval()'d code PHP 8.0.30 (Linux)
File Line Function
/global.php(547) : eval()'d code 8 errorHandler->error
/global.php 547 eval
/showthread.php 26 require_once
Warning [2] Undefined array key "avatartype" - Line: 783 - File: global.php PHP 8.0.30 (Linux)
File Line Function
/global.php 783 errorHandler->error
/showthread.php 26 require_once
Warning [2] Undefined array key "avatartype" - Line: 783 - File: global.php PHP 8.0.30 (Linux)
File Line Function
/global.php 783 errorHandler->error
/showthread.php 26 require_once
Warning [2] Undefined array key "style" - Line: 909 - File: global.php PHP 8.0.30 (Linux)
File Line Function
/global.php 909 errorHandler->error
/showthread.php 26 require_once
Warning [2] Undefined property: MyLanguage::$lang_select_default - Line: 5010 - File: inc/functions.php PHP 8.0.30 (Linux)
File Line Function
/inc/functions.php 5010 errorHandler->error
/global.php 909 build_theme_select
/showthread.php 26 require_once
Warning [2] Undefined array key "additionalgroups" - Line: 7045 - File: inc/functions.php PHP 8.0.30 (Linux)
File Line Function
/inc/functions.php 7045 errorHandler->error
/inc/functions.php 5030 is_member
/global.php 909 build_theme_select
/showthread.php 26 require_once
Warning [2] Undefined array key "additionalgroups" - Line: 7045 - File: inc/functions.php PHP 8.0.30 (Linux)
File Line Function
/inc/functions.php 7045 errorHandler->error
/inc/functions.php 5030 is_member
/global.php 909 build_theme_select
/showthread.php 26 require_once
Warning [2] Undefined property: MyLanguage::$bottomlinks_returncontent - Line: 6 - File: global.php(938) : eval()'d code PHP 8.0.30 (Linux)
File Line Function
/global.php(938) : eval()'d code 6 errorHandler->error
/global.php 938 eval
/showthread.php 26 require_once
Warning [2] Undefined array key 1 - Line: 1401 - File: inc/functions.php PHP 8.0.30 (Linux)
File Line Function
/inc/functions.php 1401 errorHandler->error
/inc/functions.php 1366 fetch_forum_permissions
/inc/functions.php 2895 forum_permissions
/showthread.php 621 build_forum_jump
Warning [2] Undefined array key 1 - Line: 1401 - File: inc/functions.php PHP 8.0.30 (Linux)
File Line Function
/inc/functions.php 1401 errorHandler->error
/inc/functions.php 1366 fetch_forum_permissions
/inc/functions.php 2895 forum_permissions
/showthread.php 621 build_forum_jump
Warning [2] Undefined array key "mybb" - Line: 1938 - File: inc/functions.php PHP 8.0.30 (Linux)
File Line Function
/inc/functions.php 1938 errorHandler->error
/inc/functions_indicators.php 41 my_set_array_cookie
/showthread.php 629 mark_thread_read
Warning [2] Undefined property: MyLanguage::$ratings_update_error - Line: 5 - File: showthread.php(732) : eval()'d code PHP 8.0.30 (Linux)
File Line Function
/showthread.php(732) : eval()'d code 5 errorHandler->error
/showthread.php 732 eval
Warning [2] Undefined array key "additionalgroups" - Line: 7045 - File: inc/functions.php PHP 8.0.30 (Linux)
File Line Function
/inc/functions.php 7045 errorHandler->error
/inc/functions_user.php 837 is_member
/inc/functions_post.php 406 purgespammer_show
/showthread.php 1070 build_postbit
Warning [2] Undefined array key "canonlyreplyownthreads" - Line: 660 - File: inc/functions_post.php PHP 8.0.30 (Linux)
File Line Function
/inc/functions_post.php 660 errorHandler->error
/showthread.php 1070 build_postbit
Warning [2] Undefined array key "showimages" - Line: 741 - File: inc/functions_post.php PHP 8.0.30 (Linux)
File Line Function
/inc/functions_post.php 741 errorHandler->error
/showthread.php 1070 build_postbit
Warning [2] Undefined array key "showvideos" - Line: 746 - File: inc/functions_post.php PHP 8.0.30 (Linux)
File Line Function
/inc/functions_post.php 746 errorHandler->error
/showthread.php 1070 build_postbit
Warning [2] Undefined array key "posttime" - Line: 16 - File: inc/functions_post.php(871) : eval()'d code PHP 8.0.30 (Linux)
File Line Function
/inc/functions_post.php(871) : eval()'d code 16 errorHandler->error
/inc/functions_post.php 871 eval
/showthread.php 1070 build_postbit
Warning [2] Undefined array key "invisible" - Line: 1506 - File: showthread.php PHP 8.0.30 (Linux)
File Line Function
/showthread.php 1506 errorHandler->error





Nuki Smart Lock Vulnerabilities Allow Hackers to Open Doors
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
pysong
Riggedy-riggedy-rekt Warlock
*****

Posts: 529
Joined: Feb 2023
Reputation: 0
#1
16 Feb 2023, 05:17

Nuki offers smart lock products – Nuki Smart Lock and Nuki Bridge – that allow users to unlock their doors with their smartphones by simply walking in range.To get more news about wifi security lock, you can visit securamsys.com official website.

The vulnerabilities identified by NCC Group in the latest versions of the products could allow attackers to intercept a Nuki product’s network traffic, to execute arbitrary code on the device, to send commands with elevated privileges, or cause a denial-of-service (DoS) condition. The vendor has released patches.Nuki smart lock vulnerabilities
“Some of the vulnerabilities result in a fully compromised device, including capabilities to open and close the door without the owner noticing,” NCC researchers Guillermo del Valle Gil and Daniel Romero told SecurityWeek.

“This could be achieved either from the same WiFi network as the lock device, or from Nuki servers themselves. Some of the other attacks require physical access to at least one device, which may be possible, since some of them are installed outside the protected area,” the researchers also said.

Both Nuki Smart Lock and Nuki Bridge were found to lack SSL/TLS certificate validation, allowing an attacker to perform a man-in-the-middle attack and intercept network traffic. The bug is tracked as CVE-2022-32509.

“It was possible to set up an intercepting proxy to capture, analyze and modify communications between the affected device and the supporting web services,” NCC Group explains in a technical advisory.

The security researchers also identified two buffer overflow bugs (CVE-2022-32504 and CVE-2022-32502) that could be exploited to achieve arbitrary code execution on the vulnerable devices.

Impacting the code responsible for parsing JSON objects received from the SSE WebSocket, the first buffer overflow could be combined with the lack of SSL/TLS certificate validation to intercept and tamper with the WebSocket packets to take control of the device.

“Additionally, if a malicious user could get access to the Nuki’s SSE servers this could be used to take control of all the affected devices,” NCC warns.

Discovered in the HTTP API parameter parsing code, the second buffer overflow could be exploited from within the LAN, even if the attacker did not have a valid token, as long as the HTTP API was enabled.

NCC Group also discovered that Nuki’s implementation of the Bluetooth Low Energy (BLE) API lacked proper access controls (CVE-2022-32507), allowing an attacker to send high-privileged commands they should not have permissions to send.

Because BLE commands could be sent from unprivileged accounts, such as the keypad, an attacker could open the keyturner without knowing the keypad code, and could even try to change the keyturner admin security PIN, the researchers say.

To open the keyturner, an attacker would take advantage of the fact that the impacted devices also expose JTAG hardware interfaces. Tracked as CVE-2022-32503, the flaw allows an attacker to tamper with internal and external flash memory.

“An attacker with physical access to any of these ports may be able to connect to the device and bypass both hardware and software security protections. JTAG debug may be usable to circumvent software security mechanisms, as well as to obtain the full firmware stored in the device unencrypted,” NCC says.
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)