CVE-2022-32507 | Vulnerability Database

NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-32507
CWE	https://cwe.mitre.org/data/definitions/.html

NVD

https://nvd.nist.gov/vuln/detail/CVE-2022-32507

CWE

https://cwe.mitre.org/data/definitions/.html

An issue was discovered on certain Nuki Home Solutions devices. Some BLE commands, which should have been designed to be only called from privileged accounts, could also be called from unprivileged accounts. This demonstrates that no access controls were implemented for the different BLE commands across the different accounts. This affects Nuki Smart Lock 3.0 before 3.3.5 and Nuki Smart Lock 2.0 before 2.12.4.

References

https://latesthackingnews.com/2022/07/28/multiple-security-flaws-found-in-nuki-smart-locks/
https://nuki.io/en/security-updates/
https://research.nccgroup.com/2022/07/25/technical-advisory-multiple-vulnerabilities-in-nuki-smart-locks-cve-2022-32509-cve-2022-32504-cve-2022-32502-cve-2022-32507-cve-2022-32503-cve-2022-32510-cve-2022-32506-cve-2022-32508-cve-2/
https://www.hackread.com/nuki-smart-locks-vulnerabilities-plethora-attack-options/