Tinxy Door Lock with firmware before 3.2 allow attackers to unlock a door by replaying an Unlock request that occurred when the attacker was previously authorized. In other words, door-access revocation is mishandled.
References
Configurations
Configuration 1 (hide)
AND |
|
History
07 Nov 2023, 03:26
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2020-06-23 15:15
Updated : 2024-02-28 17:47
NVD link : CVE-2020-9438
Mitre link : CVE-2020-9438
CVE.ORG link : CVE-2020-9438
JSON object : View
Products Affected
tinxy
- smart_wifi_door_lock
- smart_wifi_door_lock_firmware
CWE
CWE-294
Authentication Bypass by Capture-replay