Bluetooth LE Stack Vulnerability in Ultraloq UL3 2nd Gen Smart Lock Firmware 02.27.0012: Unauthorized Access via Session Management and Credential Re-use

Bluetooth LE Stack Vulnerability in Ultraloq UL3 2nd Gen Smart Lock Firmware 02.27.0012: Unauthorized Access via Session Management and Credential Re-use

CVE-2022-46480 · HIGH Severity

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Incorrect Session Management and Credential Re-use in the Bluetooth LE stack of the Ultraloq UL3 2nd Gen Smart Lock Firmware 02.27.0012 allows an attacker to sniff the unlock code and unlock the device whilst within Bluetooth range.

Learn more about our Web Application Penetration Testing UK.