Nuki Bridge v2
by Nuki
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-32504 | Cri | 0.64 | 9.8 | 0.00 | May 14, 2024 | An issue was discovered on certain Nuki Home Solutions devices. The code used to parse the JSON objects received from the WebSocket service provided by the device leads to a stack buffer overflow. An attacker would be able to exploit this to gain arbitrary code execution on a… | ||
| CVE-2022-32508 | Hig | 0.49 | 7.5 | 0.00 | May 14, 2024 | An issue was discovered on certain Nuki Home Solutions devices. By sending a malformed HTTP verb, it is possible to force a reboot of the device. This affects Nuki Bridge v1 before 1.22.0 and v2 before 2.13.2. | ||
| CVE-2022-32506 | Med | 0.42 | 6.4 | 0.00 | May 14, 2024 | An issue was discovered on certain Nuki Home Solutions devices. An attacker with physical access to the circuit board could use the SWD debug features to control the execution of code on the processor and debug the firmware, as well as read or alter the content of the internal… | ||
| CVE-2022-32502 | Med | 0.41 | 6.3 | 0.01 | May 14, 2024 | An issue was discovered on certain Nuki Home Solutions devices. There is a buffer overflow over the encrypted token parsing logic in the HTTP service that allows remote code execution. This affects Nuki Bridge v1 before 1.22.0 and v2 before 2.13.2. |
- risk 0.64cvss 9.8epss 0.00
An issue was discovered on certain Nuki Home Solutions devices. The code used to parse the JSON objects received from the WebSocket service provided by the device leads to a stack buffer overflow. An attacker would be able to exploit this to gain arbitrary code execution on a…
- risk 0.49cvss 7.5epss 0.00
An issue was discovered on certain Nuki Home Solutions devices. By sending a malformed HTTP verb, it is possible to force a reboot of the device. This affects Nuki Bridge v1 before 1.22.0 and v2 before 2.13.2.
- risk 0.42cvss 6.4epss 0.00
An issue was discovered on certain Nuki Home Solutions devices. An attacker with physical access to the circuit board could use the SWD debug features to control the execution of code on the processor and debug the firmware, as well as read or alter the content of the internal…
- risk 0.41cvss 6.3epss 0.01
An issue was discovered on certain Nuki Home Solutions devices. There is a buffer overflow over the encrypted token parsing logic in the HTTP service that allows remote code execution. This affects Nuki Bridge v1 before 1.22.0 and v2 before 2.13.2.