CVE-2022-32502

MEDIUM

Nuki Bridge v1 < 1.22.0 and v2 < 2.13.2 - Remote Code Execution via Encrypted Token Parsing

Title source: llm

Description

An issue was discovered on certain Nuki Home Solutions devices. There is a buffer overflow over the encrypted token parsing logic in the HTTP service that allows remote code execution. This affects Nuki Bridge v1 before 1.22.0 and v2 before 2.13.2.

References (4)

Core 4

Core References

Various Sources

https://latesthackingnews.com/2022/07/28/multiple-security-flaws-found-in-nuki-smart-locks/

Various Sources

https://nuki.io/en/security-updates/

Various Sources

https://research.nccgroup.com/2022/07/25/technical-advisory-multiple-vulnerabilities-in-nuki-smart-locks-cve-2022-32509-cve-2022-32504-cve-2022-32502-cve-2022-32507-cve-2022-32503-cve-2022-32510-cve-2022-32506-cve-2022-32508-cve-2/

Various Sources

https://www.hackread.com/nuki-smart-locks-vulnerabilities-plethora-attack-options/

Scores

CVSS v3 6.3

EPSS 0.0131

EPSS Percentile 67.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-121

Status published

Published May 14, 2024

Tracked Since Feb 18, 2026