VYPR

TTLock App

by TTLock

CVEs (5)

  • CVE-2023-7005HigDec 19, 2024
    risk 0.49cvss 7.5epss 0.00

    A specially crafted message can be sent to the TTLock App that downgrades the encryption protocol used for communication, and can be utilized to compromise the lock, such as through revealing the unlockKey field.

  • CVE-2023-6960HigMar 15, 2024
    risk 0.49cvss 7.5epss 0.00

    TTLock App virtual keys and settings are only deleted client side, and if preserved, can access the lock after intended deletion.

  • CVE-2023-7004MedMar 15, 2024
    risk 0.42cvss 6.5epss 0.00

    The TTLock App does not employ proper verification procedures to ensure that it is communicating with the expected device, allowing for connection to a device that spoofs the MAC address of a lock, which compromises the legitimate locks integrity.

  • CVE-2019-12943Sep 10, 2019
    risk 0.00cvss epss 0.01

    TTLock devices do not properly restrict password-reset attempts, leading to incorrect access control and disclosure of sensitive information about valid account names.

  • CVE-2019-12942Sep 10, 2019
    risk 0.00cvss epss 0.01

    TTLock devices do not properly block guest access in certain situations where the network connection to the cloud is unavailable.