CVE-2022-32505

HIGH

Nuki Smart Lock 2.0 < 2.12.4 and 3.0 < 3.3.5 - Denial of Service via Malformed BLE Packets

Title source: llm

Description

An issue was discovered on certain Nuki Home Solutions devices. It is possible to send multiple BLE malformed packets to block some of the functionality and reboot the device. This affects Nuki Smart Lock 3.0 before 3.3.5 and Nuki Smart Lock 2.0 before 2.12.4.

References (4)

Core 4

Core References

Various Sources

https://latesthackingnews.com/2022/07/28/multiple-security-flaws-found-in-nuki-smart-locks/

Various Sources

https://nuki.io/en/security-updates/

Various Sources

https://research.nccgroup.com/2022/07/25/technical-advisory-multiple-vulnerabilities-in-nuki-smart-locks-cve-2022-32509-cve-2022-32504-cve-2022-32502-cve-2022-32507-cve-2022-32503-cve-2022-32510-cve-2022-32506-cve-2022-32508-cve-2/

Various Sources

https://www.hackread.com/nuki-smart-locks-vulnerabilities-plethora-attack-options/

Scores

CVSS v3 7.1

EPSS 0.0046

EPSS Percentile 36.2%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-400

Status published

Published May 14, 2024

Tracked Since Feb 18, 2026