CVE-2021-44518
MEDIUMeGeeTouch 3rd Generation Travel Padlock - Unauthenticated Pairing Code Interception via Cleartext BLE Transmission
Title source: llmDescription
An issue was discovered in the eGeeTouch 3rd Generation Travel Padlock application for Android. The lock sends a pairing code before each operation (lock or unlock) activated via the companion app. The code is sent unencrypted, allowing any attacker with the same app (either Android or iOS) to add the lock and take complete control. For successful exploitation, the attacker must be able to touch the lock's power button, and must be able to capture BLE network communication.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://ashallen.net/the-egeetouch-tsa-smart-lock-is-anything-but
Scores
CVSS v3
6.8
EPSS
0.0030
EPSS Percentile
21.1%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
Details
CWE
CWE-319
Status
published
Products (1)
digipas/egeetouch_manager
Published
Dec 02, 2021
Tracked Since
Feb 18, 2026