CVE-2022-46480

HIGH

Ultraloq UL3 2nd Gen Smart Lock <02.27.0012 - Info Disclosure

Title source: llm

Description

Incorrect Session Management and Credential Re-use in the Bluetooth LE stack of the Ultraloq UL3 2nd Gen Smart Lock Firmware 02.27.0012 allows an attacker to sniff the unlock code and unlock the device whilst within Bluetooth range.

References (2)

[Various Sources] https://arxiv.org/abs/2312.00021

[Exploit, Technical Description, Third Party Advisory] https://www.researchgate.net/publication/375759408_Technical_Report_-_CVE-2022-46480_CVE-2023-26941_CVE-2023-26942_and_CVE-2023-26943#fullTextFileContent

Scores

CVSS v3 8.1

EPSS 0.0011

EPSS Percentile 29.0%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Classification

CWE

CWE-294 CWE-384

Status published

Affected Products (1)

u-tec/ultraloq_ul3_bt_firmware

Timeline

Published Dec 05, 2023

Tracked Since Feb 18, 2026