CVE-2022-32502 - Vulnerability Details - OpenCVE

An issue was discovered on certain Nuki Home Solutions devices. There is a buffer overflow over the encrypted token parsing logic in the HTTP service that allows remote code execution. This affects Nuki Bridge v1 before 1.22.0 and v2 before 2.13.2.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Nuki	Nuki Smart Lock

No data.

No data.

References

Link	Providers
https://latesthackingnews.com/2022/07/28/multiple-security-flaws-found-in-nuki-smart-locks/
https://nuki.io/en/security-updates/
https://research.nccgroup.com/2022/07/25/technical-advisory-multiple-vulnerabilities-in-nuki-smart-locks-cve-2022-32509-cve-2022-32504-cve-2022-32502-cve-2022-32507-cve-2022-32503-cve-2022-32510-cve-2022-32506-cve-2022-32508-cve-2/
https://www.hackread.com/nuki-smart-locks-vulnerabilities-plethora-attack-options/

History

Fri, 14 Feb 2025 08:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Nuki Nuki nuki Smart Lock
CPEs		cpe:2.3:a:nuki:nuki_smart_lock:2.0:::::::*
Vendors & Products		Nuki Nuki nuki Smart Lock
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-05-09T19:37:08.770Z

Updated: 2025-02-13T15:46:23.153Z

Reserved: 2022-06-06T00:00:00.000Z

Link: CVE-2022-32502

Vulnrichment

Updated: 2024-08-03T07:46:43.419Z

NVD

Status : Awaiting Analysis

Published: 2024-05-14T10:43:40.783

Modified: 2024-11-21T07:06:29.590

Link: CVE-2022-32502

Redhat

No data.

{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-32502", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-02-13T15:46:23.153Z", "datePublished": "2024-05-09T19:37:08.770Z", "dateReserved": "2022-06-06T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-05-09T19:37:09.224Z"}, "descriptions": [{"lang": "en", "value": "An issue was discovered on certain Nuki Home Solutions devices. There is a buffer overflow over the encrypted token parsing logic in the HTTP service that allows remote code execution. This affects Nuki Bridge v1 before 1.22.0 and v2 before 2.13.2."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://research.nccgroup.com/2022/07/25/technical-advisory-multiple-vulnerabilities-in-nuki-smart-locks-cve-2022-32509-cve-2022-32504-cve-2022-32502-cve-2022-32507-cve-2022-32503-cve-2022-32510-cve-2022-32506-cve-2022-32508-cve-2/"}, {"url": "https://www.hackread.com/nuki-smart-locks-vulnerabilities-plethora-attack-options/"}, {"url": "https://latesthackingnews.com/2022/07/28/multiple-security-flaws-found-in-nuki-smart-locks/"}, {"url": "https://nuki.io/en/security-updates/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-121", "lang": "en", "description": "CWE-121 Stack-based Buffer Overflow"}]}], "affected": [{"vendor": "nuki", "product": "nuki_smart_lock", "cpes": ["cpe:2.3:a:nuki:nuki_smart_lock:2.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "1.22.0", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "2.13.2", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-06-18T15:31:08.771490Z", "id": "CVE-2022-32502", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-18T15:31:14.306Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:46:43.419Z"}, "title": "CVE Program Container", "references": [{"url": "https://research.nccgroup.com/2022/07/25/technical-advisory-multiple-vulnerabilities-in-nuki-smart-locks-cve-2022-32509-cve-2022-32504-cve-2022-32502-cve-2022-32507-cve-2022-32503-cve-2022-32510-cve-2022-32506-cve-2022-32508-cve-2/", "tags": ["x_transferred"]}, {"url": "https://www.hackread.com/nuki-smart-locks-vulnerabilities-plethora-attack-options/", "tags": ["x_transferred"]}, {"url": "https://latesthackingnews.com/2022/07/28/multiple-security-flaws-found-in-nuki-smart-locks/", "tags": ["x_transferred"]}, {"url": "https://nuki.io/en/security-updates/", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://research.nccgroup.com/2022/07/25/technical-advisory-multiple-vulnerabilities-in-nuki-smart-locks-cve-2022-32509-cve-2022-32504-cve-2022-32502-cve-2022-32507-cve-2022-32503-cve-2022-32510-cve-2022-32506-cve-2022-32508-cve-2/", "tags": ["x_transferred"]}, {"url": "https://www.hackread.com/nuki-smart-locks-vulnerabilities-plethora-attack-options/", "tags": ["x_transferred"]}, {"url": "https://latesthackingnews.com/2022/07/28/multiple-security-flaws-found-in-nuki-smart-locks/", "tags": ["x_transferred"]}, {"url": "https://nuki.io/en/security-updates/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:46:43.419Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-32502", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-06-18T15:31:08.771490Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:nuki:nuki_smart_lock:2.0:*:*:*:*:*:*:*"], "vendor": "nuki", "product": "nuki_smart_lock", "versions": [{"status": "affected", "version": "0", "lessThan": "1.22.0", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "2.13.2", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-18T15:29:12.610Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://research.nccgroup.com/2022/07/25/technical-advisory-multiple-vulnerabilities-in-nuki-smart-locks-cve-2022-32509-cve-2022-32504-cve-2022-32502-cve-2022-32507-cve-2022-32503-cve-2022-32510-cve-2022-32506-cve-2022-32508-cve-2/"}, {"url": "https://www.hackread.com/nuki-smart-locks-vulnerabilities-plethora-attack-options/"}, {"url": "https://latesthackingnews.com/2022/07/28/multiple-security-flaws-found-in-nuki-smart-locks/"}, {"url": "https://nuki.io/en/security-updates/"}], "descriptions": [{"lang": "en", "value": "An issue was discovered on certain Nuki Home Solutions devices. There is a buffer overflow over the encrypted token parsing logic in the HTTP service that allows remote code execution. This affects Nuki Bridge v1 before 1.22.0 and v2 before 2.13.2."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-05-09T19:37:09.224Z"}}}, "cveMetadata": {"cveId": "CVE-2022-32502", "state": "PUBLISHED", "dateUpdated": "2025-02-13T15:46:23.153Z", "dateReserved": "2022-06-06T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-05-09T19:37:08.770Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "An issue was discovered on certain Nuki Home Solutions devices. There is a buffer overflow over the encrypted token parsing logic in the HTTP service that allows remote code execution. This affects Nuki Bridge v1 before 1.22.0 and v2 before 2.13.2."}, {"lang": "es", "value": "Se ha descubierto un problema en determinados dispositivos de Nuki Home Solutions. Hay un desbordamiento del b\u00fafer sobre la l\u00f3gica de an\u00e1lisis del token cifrado en el servicio HTTP que permite la ejecuci\u00f3n remota de c\u00f3digo. Esto afecta a Nuki Bridge v1 anterior a 1.22.0 y v2 anterior a 2.13.2."}], "id": "CVE-2022-32502", "lastModified": "2024-11-21T07:06:29.590", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-05-14T10:43:40.783", "references": [{"source": "cve@mitre.org", "url": "https://latesthackingnews.com/2022/07/28/multiple-security-flaws-found-in-nuki-smart-locks/"}, {"source": "cve@mitre.org", "url": "https://nuki.io/en/security-updates/"}, {"source": "cve@mitre.org", "url": "https://research.nccgroup.com/2022/07/25/technical-advisory-multiple-vulnerabilities-in-nuki-smart-locks-cve-2022-32509-cve-2022-32504-cve-2022-32502-cve-2022-32507-cve-2022-32503-cve-2022-32510-cve-2022-32506-cve-2022-32508-cve-2/"}, {"source": "cve@mitre.org", "url": "https://www.hackread.com/nuki-smart-locks-vulnerabilities-plethora-attack-options/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://latesthackingnews.com/2022/07/28/multiple-security-flaws-found-in-nuki-smart-locks/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://nuki.io/en/security-updates/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://research.nccgroup.com/2022/07/25/technical-advisory-multiple-vulnerabilities-in-nuki-smart-locks-cve-2022-32509-cve-2022-32504-cve-2022-32502-cve-2022-32507-cve-2022-32503-cve-2022-32510-cve-2022-32506-cve-2022-32508-cve-2/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.hackread.com/nuki-smart-locks-vulnerabilities-plethora-attack-options/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}