CVE-2022-46496
Description
BTicino Door Entry HOMETOUCH for iOS 1.4.2 was discovered to be missing an SSL certificate.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
BTicino Door Entry HOMETOUCH for iOS 1.4.2 fails to validate TLS certificates, enabling MITM attacks to steal login credentials.
Vulnerability
The application does not correctly validate TLS certificates when connecting to a specific endpoint [1]. This missing validation affects versions prior to 1.5.1, leaving all communications vulnerable to interception [1].
Exploitation
An attacker with network access to the victim's device can perform a man-in-the-middle (MITM) attack by intercepting the TLS connection [1]. No authentication or user interaction is required beyond the normal use of the app, making the attack straightforward to execute [1].
Impact
Successful exploitation allows the attacker to obtain the user's login credentials [1]. This can lead to unauthorized access to the door entry system and potential compromise of physical security [1].
Mitigation
The vendor released version 1.5.1 on 23 January 2023, which fixes the TLS certificate validation [1]. Users should upgrade to version 1.5.1 or later to mitigate the vulnerability [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- BTicino/Door Entry HOMETOUCHdescription
- Range: = 1.4.2
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.