CVE-2018-16242

MEDIUM

o.bike Smart Locker Firmware - Authentication Bypass via BLE Ciphertext Replay

Title source: llm

Description

oBike relies on Hangzhou Luoping Smart Locker to lock bicycles, which allows attackers to bypass the locking mechanism by using Bluetooth Low Energy (BLE) to replay ciphertext based on a predictable nonce used in the locking protocol.

References (1)

Core References
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_bugtraq
https://seclists.org/bugtraq/2018/Sep/30

Scores

CVSS v3 5.3
EPSS 0.0068
EPSS Percentile 47.3%
Attack Vector ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE CWE-294
Status published
Products (2)
o.bike/obike-stationless_bike_sharing 2.5.4
o.bike/smart_locker_firmware
Published Sep 14, 2018
Tracked Since Feb 18, 2026