VYPR

Nuki Bridge

by Nuki

CVEs (3)

  • CVE-2022-32509HigMay 14, 2024
    risk 0.57cvss 8.8epss 0.00

    An issue was discovered on certain Nuki Home Solutions devices. Lack of certificate validation on HTTP communications allows attackers to intercept and tamper data. This affects Nuki Smart Lock 3.0 before 3.3.5, Nuki Bridge v1 before 1.22.0 and Nuki Bridge v2 before 2.13.2.

  • CVE-2022-32508HigMay 14, 2024
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered on certain Nuki Home Solutions devices. By sending a malformed HTTP verb, it is possible to force a reboot of the device. This affects Nuki Bridge v1 before 1.22.0 and v2 before 2.13.2.

  • CVE-2022-32502MedMay 14, 2024
    risk 0.41cvss 6.3epss 0.01

    An issue was discovered on certain Nuki Home Solutions devices. There is a buffer overflow over the encrypted token parsing logic in the HTTP service that allows remote code execution. This affects Nuki Bridge v1 before 1.22.0 and v2 before 2.13.2.