6.8
CVE-2022-30111
- EPSS 0.31%
- Veröffentlicht 18.05.2022 18:15:10
- Zuletzt bearbeitet 21.11.2024 07:02:11
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginDue to the use of an insecure algorithm for rolling codes in MCK Smartlock 1.0, allows attackers to unlock the mechanism via replay attacks.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mck Smartlock Project ≫ Mck Smartlock Version1.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.31% | 0.227 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 0.9 | 5.9 |
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 4.6 | 3.9 | 6.4 |
AV:L/AC:L/Au:N/C:P/I:P/A:P
|
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
The product uses a broken or risky cryptographic algorithm or protocol.
https://tiger-team-1337.blogspot.com/2022/05/rf-remote-mck-lock-predictable-rolling.html
https://twitter.com/Kevin2600/status/1495007534419038213
https://www.youtube.com/watch?v=EruaGuE-cWI