TTLock App
by TTLock
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-7005 | | High | 0.49 | 7.5 | 0.00 | | Dec 19, 2024 | A specially crafted message can be sent to the TTLock App that downgrades the encryption protocol used for communication, and can be utilized to compromise the lock, such as through revealing the unlockKey field. |
| CVE-2023-6960 | | High | 0.49 | 7.5 | 0.00 | | Mar 15, 2024 | TTLock App virtual keys and settings are only deleted client side, and if preserved, can access the lock after intended deletion. |
| CVE-2023-7004 | | Medium | 0.42 | 6.5 | 0.00 | | Mar 15, 2024 | The TTLock App does not employ proper verification procedures to ensure that it is communicating with the expected device, allowing for connection to a device that spoofs the MAC address of a lock, which compromises the legitimate lock's integrity. |
| CVE-2019-12943 | | | 0.00 | — | 0.01 | | Sep 10, 2019 | TTLock devices do not properly restrict password-reset attempts, leading to incorrect access control and disclosure of sensitive information about valid account names. |
| CVE-2019-12942 | | | 0.00 | — | 0.01 | | Sep 10, 2019 | TTLock devices do not properly block guest access in certain situations where the network connection to the cloud is unavailable. |