CVE-2023-7005

Description

A specially crafted message sent to the TTLock App can downgrade the encryption protocol used for communication. The downgrade can then be used to compromise the lock, for example by revealing the unlockKey field.

Classification

CVE ID: CVE-2023-7005

Affected Products

Vendor: Sciener

Product: TTLock App

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.44% (proportion of vulnerabilities scored less than or equal to this one)

EPSS Date: 2025-02-03 (when this score was calculated)

References

https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/

Timeline