High severity8.1NVD Advisory· Published Jul 20, 2023· Updated Jun 17, 2026
CVE-2023-34625
CVE-2023-34625
Description
ShowMojo MojoBox Digital Lockbox 1.4 is vulnerable to Authentication Bypass. The implementation of the lock opening mechanism via Bluetooth Low Energy (BLE) is vulnerable to replay attacks. A malicious user is able to intercept BLE requests and replicate them to open the lock at any time. Alternatively, an attacker with physical access to the device on which the Android app is installed, can obtain the latest BLE messages via the app logs and use them for opening the lock.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- ShowMojo/MojoBox Digital Lockboxdescription
- Range: = 1.4
Patches
Vulnerability mechanics
References
3- mandomat.github.io/2023-03-15-testing-mojobox-security/nvdExploitTechnical DescriptionThird Party Advisory
- www.whid.ninja/blog/mojobox-yet-another-not-so-smartlocknvdExploitTechnical DescriptionThird Party Advisory
- packetstormsecurity.com/2307-exploits/mojobox14-replay.txtnvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.