Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for TTLock App by Sciener

    CVE-2023-7005 (GCVE-0-2023-7005)

    Vulnerability from nvd – Published: 2024-12-19 17:35 – Updated: 2025-11-04 18:22
    VLAI
    Title
    CVE-2023-7005
    Summary
    A specially crafted message can be sent to the TTLock App that downgrades the encryption protocol used for communication, and can be utilized to compromise the lock, such as through revealing the unlockKey field.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Sciener TTLock App Affected: 6.4.5 , ≤ 6.4.5 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-7005",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-20T17:42:17.781968Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-20T17:47:11.828Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:22:07.890Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.kb.cert.org/vuls/id/949046"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TTLock App",
              "vendor": "Sciener",
              "versions": [
                {
                  "lessThanOrEqual": "6.4.5",
                  "status": "affected",
                  "version": "6.4.5",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A specially crafted message can be sent to the TTLock App that downgrades the encryption protocol used for communication, and can be utilized to compromise the lock, such as through revealing the unlockKey field."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-757: Selection of Less-Secure Algorithm During Negotiation (\u0027Algorithm Downgrade\u0027)",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-19T17:35:45.594Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2023-7005",
          "x_generator": {
            "engine": "VINCE 3.0.11",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2023-7005"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-7005",
        "datePublished": "2024-12-19T17:35:45.594Z",
        "dateReserved": "2023-12-20T14:58:39.182Z",
        "dateUpdated": "2025-11-04T18:22:07.890Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-7004 (GCVE-0-2023-7004)

    Vulnerability from nvd – Published: 2024-03-15 17:08 – Updated: 2025-11-04 18:22
    VLAI
    Title
    CVE-2023-7004
    Summary
    The TTLock App does not employ proper verification procedures to ensure that it is communicating with the expected device, allowing for connection to a device that spoofs the MAC address of a lock, which compromises the legitimate locks integrity.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Sciener TTLock App Affected: 6.4.5 , ≤ 6.4.5 (custom)
    Create a notification for this product.
    sciener ttlock_app Affected: 6.4.5
        cpe:2.3:a:sciener:ttlock_app:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:22:06.692Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
              },
              {
                "url": "https://www.kb.cert.org/vuls/id/949046"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sciener:ttlock_app:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ttlock_app",
                "vendor": "sciener",
                "versions": [
                  {
                    "status": "affected",
                    "version": "6.4.5"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-7004",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-18T18:47:46.273560Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-940",
                    "description": "CWE-940 Improper Verification of Source of a Communication Channel",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-26T16:11:15.238Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TTLock App",
              "vendor": "Sciener",
              "versions": [
                {
                  "lessThanOrEqual": "6.4.5",
                  "status": "affected",
                  "version": "6.4.5",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The TTLock App does not employ proper verification procedures to ensure that it is communicating with the expected device, allowing for connection to a device that spoofs the MAC address of a lock, which compromises the legitimate locks integrity."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-15T17:08:11.547Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2023-7004",
          "x_generator": {
            "engine": "VINCE 2.1.11",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2023-7004"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-7004",
        "datePublished": "2024-03-15T17:08:11.547Z",
        "dateReserved": "2023-12-20T14:56:26.682Z",
        "dateUpdated": "2025-11-04T18:22:06.692Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-6960 (GCVE-0-2023-6960)

    Vulnerability from nvd – Published: 2024-03-15 17:09 – Updated: 2025-11-04 18:22
    VLAI
    Title
    CVE-2023-6960
    Summary
    TTLock App virtual keys and settings are only deleted client side, and if preserved, can access the lock after intended deletion.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-324 - Use of a Key Past its Expiration Date
    • CWE-603 - Use of Client-Side Authentication
    Assigner
    Impacted products
    Vendor Product Version
    Sciener TTLock App Affected: 6.4.5 , ≤ 6.4.5 (custom)
    Create a notification for this product.
    sciener ttlock_app Affected: 0 , ≤ 6.4.5 (custom)
        cpe:2.3:a:sciener:ttlock_app:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sciener:ttlock_app:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ttlock_app",
                "vendor": "sciener",
                "versions": [
                  {
                    "lessThanOrEqual": "6.4.5",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-6960",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-18T14:03:29.310178Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-10T20:27:57.800Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:22:04.237Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
              },
              {
                "url": "https://www.kb.cert.org/vuls/id/949046"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TTLock App",
              "vendor": "Sciener",
              "versions": [
                {
                  "lessThanOrEqual": "6.4.5",
                  "status": "affected",
                  "version": "6.4.5",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "TTLock App virtual keys and settings are only deleted client side, and if preserved, can access the lock after intended deletion."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-324: Use of a Key Past its Expiration Date",
                  "lang": "en"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "description": "CWE-603: Use of Client-Side Authentication",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-15T17:09:26.926Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2023-6960",
          "x_generator": {
            "engine": "VINCE 2.1.11",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2023-6960"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-6960",
        "datePublished": "2024-03-15T17:09:26.926Z",
        "dateReserved": "2023-12-19T19:28:41.442Z",
        "dateUpdated": "2025-11-04T18:22:04.237Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-7005 (GCVE-0-2023-7005)

    Vulnerability from cvelistv5 – Published: 2024-12-19 17:35 – Updated: 2025-11-04 18:22
    VLAI
    Title
    CVE-2023-7005
    Summary
    A specially crafted message can be sent to the TTLock App that downgrades the encryption protocol used for communication, and can be utilized to compromise the lock, such as through revealing the unlockKey field.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Sciener TTLock App Affected: 6.4.5 , ≤ 6.4.5 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-7005",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-20T17:42:17.781968Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-20T17:47:11.828Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:22:07.890Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.kb.cert.org/vuls/id/949046"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TTLock App",
              "vendor": "Sciener",
              "versions": [
                {
                  "lessThanOrEqual": "6.4.5",
                  "status": "affected",
                  "version": "6.4.5",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A specially crafted message can be sent to the TTLock App that downgrades the encryption protocol used for communication, and can be utilized to compromise the lock, such as through revealing the unlockKey field."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-757: Selection of Less-Secure Algorithm During Negotiation (\u0027Algorithm Downgrade\u0027)",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-19T17:35:45.594Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2023-7005",
          "x_generator": {
            "engine": "VINCE 3.0.11",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2023-7005"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-7005",
        "datePublished": "2024-12-19T17:35:45.594Z",
        "dateReserved": "2023-12-20T14:58:39.182Z",
        "dateUpdated": "2025-11-04T18:22:07.890Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-6960 (GCVE-0-2023-6960)

    Vulnerability from cvelistv5 – Published: 2024-03-15 17:09 – Updated: 2025-11-04 18:22
    VLAI
    Title
    CVE-2023-6960
    Summary
    TTLock App virtual keys and settings are only deleted client side, and if preserved, can access the lock after intended deletion.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-324 - Use of a Key Past its Expiration Date
    • CWE-603 - Use of Client-Side Authentication
    Assigner
    Impacted products
    Vendor Product Version
    Sciener TTLock App Affected: 6.4.5 , ≤ 6.4.5 (custom)
    Create a notification for this product.
    sciener ttlock_app Affected: 0 , ≤ 6.4.5 (custom)
        cpe:2.3:a:sciener:ttlock_app:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sciener:ttlock_app:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ttlock_app",
                "vendor": "sciener",
                "versions": [
                  {
                    "lessThanOrEqual": "6.4.5",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-6960",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-18T14:03:29.310178Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-10T20:27:57.800Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:22:04.237Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
              },
              {
                "url": "https://www.kb.cert.org/vuls/id/949046"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TTLock App",
              "vendor": "Sciener",
              "versions": [
                {
                  "lessThanOrEqual": "6.4.5",
                  "status": "affected",
                  "version": "6.4.5",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "TTLock App virtual keys and settings are only deleted client side, and if preserved, can access the lock after intended deletion."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-324: Use of a Key Past its Expiration Date",
                  "lang": "en"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "description": "CWE-603: Use of Client-Side Authentication",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-15T17:09:26.926Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2023-6960",
          "x_generator": {
            "engine": "VINCE 2.1.11",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2023-6960"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-6960",
        "datePublished": "2024-03-15T17:09:26.926Z",
        "dateReserved": "2023-12-19T19:28:41.442Z",
        "dateUpdated": "2025-11-04T18:22:04.237Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-7004 (GCVE-0-2023-7004)

    Vulnerability from cvelistv5 – Published: 2024-03-15 17:08 – Updated: 2025-11-04 18:22
    VLAI
    Title
    CVE-2023-7004
    Summary
    The TTLock App does not employ proper verification procedures to ensure that it is communicating with the expected device, allowing for connection to a device that spoofs the MAC address of a lock, which compromises the legitimate locks integrity.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Sciener TTLock App Affected: 6.4.5 , ≤ 6.4.5 (custom)
    Create a notification for this product.
    sciener ttlock_app Affected: 6.4.5
        cpe:2.3:a:sciener:ttlock_app:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:22:06.692Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
              },
              {
                "url": "https://www.kb.cert.org/vuls/id/949046"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sciener:ttlock_app:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ttlock_app",
                "vendor": "sciener",
                "versions": [
                  {
                    "status": "affected",
                    "version": "6.4.5"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-7004",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-18T18:47:46.273560Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-940",
                    "description": "CWE-940 Improper Verification of Source of a Communication Channel",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-26T16:11:15.238Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TTLock App",
              "vendor": "Sciener",
              "versions": [
                {
                  "lessThanOrEqual": "6.4.5",
                  "status": "affected",
                  "version": "6.4.5",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The TTLock App does not employ proper verification procedures to ensure that it is communicating with the expected device, allowing for connection to a device that spoofs the MAC address of a lock, which compromises the legitimate locks integrity."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-15T17:08:11.547Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2023-7004",
          "x_generator": {
            "engine": "VINCE 2.1.11",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2023-7004"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2023-7004",
        "datePublished": "2024-03-15T17:08:11.547Z",
        "dateReserved": "2023-12-20T14:56:26.682Z",
        "dateUpdated": "2025-11-04T18:22:06.692Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }