CVE-2023-7017
Sciener locks' firmware update mechanism do not authenticate or validate firmware updates if passed to the lock through the Bluetooth Low Energy service. A challenge request can be sent to the lock with a command to prepare for an update, rather than an unlock request, allowing an attacker to compromise the device.
Learn more about our Web Application Penetration Testing UK.
Learn more about our Web Application Penetration Testing UK.