Description
An issue was discovered on certain Nuki Home Solutions devices. Lack of certificate validation on HTTP communications allows attackers to intercept and tamper data. This affects Nuki Smart Lock 3.0 before 3.3.5, Nuki Bridge v1 before 1.22.0 and Nuki Bridge v2 before 2.13.2.
References (4)
Core 4
Core References
Various Sources
https://latesthackingnews.com/2022/07/28/multiple-security-flaws-found-in-nuki-smart-locks/
Various Sources
https://nuki.io/en/security-updates/
Scores
CVSS v3
8.8
EPSS
0.0029
EPSS Percentile
20.1%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-295
Status
published
Published
May 14, 2024
Tracked Since
Feb 18, 2026