CVE-2018-16242

MEDIUM

oBike - Auth Bypass

Title source: llm

Description

oBike relies on Hangzhou Luoping Smart Locker to lock bicycles, which allows attackers to bypass the locking mechanism by using Bluetooth Low Energy (BLE) to replay ciphertext based on a predictable nonce used in the locking protocol.

References (1)

[Exploit, Mailing List, Third Party Advisory] https://seclists.org/bugtraq/2018/Sep/30

Scores

CVSS v3 5.3

EPSS 0.0007

EPSS Percentile 21.0%

Attack Vector ADJACENT_NETWORK

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-294

Status published

Products (2)

o.bike/obike-stationless_bike_sharing 2.5.4

o.bike/smart_locker_firmware

Published Sep 14, 2018

Tracked Since Feb 18, 2026