CVE-2023-39841

MEDIUM

Etekcity 3-in-1 Smart Door Lock Firmware - Missing Encryption

Title source: rule

Description

Missing encryption in the RFID tag of Etekcity 3-in-1 Smart Door Lock v1.0 allows attackers to create a cloned tag via brief physical proximity to the original device.

References (1)

[Exploit, Third Party Advisory] https://ashallen.net/smart-security-device-rfid-vulnerability-disclosure

Scores

CVSS v3 4.6

EPSS 0.0001

EPSS Percentile 2.1%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-311

Status published

Products (1)

etekcity/3-in-1_smart_door_lock_firmware 1.0

Published Aug 15, 2023

Tracked Since Feb 18, 2026