CVE-2022-46480

HIGH

Ultraloq UL3 2nd Gen Smart Lock <02.27.0012 - Info Disclosure

Title source: llm

Description

Incorrect Session Management and Credential Re-use in the Bluetooth LE stack of the Ultraloq UL3 2nd Gen Smart Lock Firmware 02.27.0012 allows an attacker to sniff the unlock code and unlock the device whilst within Bluetooth range.

References (2)

[Various Sources] https://arxiv.org/abs/2312.00021

[Exploit, Technical Description, Third Party Advisory] https://www.researchgate.net/publication/375759408_Technical_Report_-_CVE-2022-46480_CVE-2023-26941_CVE-2023-26942_and_CVE-2023-26943#fullTextFileContent

Scores

CVSS v3 8.1

EPSS 0.0011

EPSS Percentile 28.8%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE

CWE-294 CWE-384

Status published

Products (1)

u-tec/ultraloq_ul3_bt_firmware 02.27.0012

Published Dec 05, 2023

Tracked Since Feb 18, 2026