Search
Find a vulnerability
Search criteria
6 vulnerabilities found for TTLock App by Sciener
CVE-2023-7005 (GCVE-0-2023-7005)
Vulnerability from nvd – Published: 2024-12-19 17:35 – Updated: 2025-11-04 18:22
VLAI
EPSS
VEX
Title
CVE-2023-7005
Summary
A specially crafted message can be sent to the TTLock App that downgrades the encryption protocol used for communication, and can be utilized to compromise the lock, such as through revealing the unlockKey field.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-757 - Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
- CWE-noinfo Not enough information
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Sciener | TTLock App |
Affected:
6.4.5 , ≤ 6.4.5
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-7005",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-20T17:42:17.781968Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-20T17:47:11.828Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:22:07.890Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.kb.cert.org/vuls/id/949046"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TTLock App",
"vendor": "Sciener",
"versions": [
{
"lessThanOrEqual": "6.4.5",
"status": "affected",
"version": "6.4.5",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A specially crafted message can be sent to the TTLock App that downgrades the encryption protocol used for communication, and can be utilized to compromise the lock, such as through revealing the unlockKey field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-757: Selection of Less-Secure Algorithm During Negotiation (\u0027Algorithm Downgrade\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T17:35:45.594Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2023-7005",
"x_generator": {
"engine": "VINCE 3.0.11",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2023-7005"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2023-7005",
"datePublished": "2024-12-19T17:35:45.594Z",
"dateReserved": "2023-12-20T14:58:39.182Z",
"dateUpdated": "2025-11-04T18:22:07.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-7004 (GCVE-0-2023-7004)
Vulnerability from nvd – Published: 2024-03-15 17:08 – Updated: 2025-11-04 18:22
VLAI
EPSS
VEX
Title
CVE-2023-7004
Summary
The TTLock App does not employ proper verification procedures to ensure that it is communicating with the expected device, allowing for connection to a device that spoofs the MAC address of a lock, which compromises the legitimate locks integrity.
Severity
6.5 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-319 Cleartext Transmission of Sensitive Information
- CWE-940 - Improper Verification of Source of a Communication Channel
Assigner
References
2 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Sciener | TTLock App |
Affected:
6.4.5 , ≤ 6.4.5
(custom)
|
|
| sciener | ttlock_app |
Affected:
6.4.5
cpe:2.3:a:sciener:ttlock_app:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:22:06.692Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
},
{
"url": "https://www.kb.cert.org/vuls/id/949046"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sciener:ttlock_app:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ttlock_app",
"vendor": "sciener",
"versions": [
{
"status": "affected",
"version": "6.4.5"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-7004",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-18T18:47:46.273560Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-940",
"description": "CWE-940 Improper Verification of Source of a Communication Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-26T16:11:15.238Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "TTLock App",
"vendor": "Sciener",
"versions": [
{
"lessThanOrEqual": "6.4.5",
"status": "affected",
"version": "6.4.5",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The TTLock App does not employ proper verification procedures to ensure that it is communicating with the expected device, allowing for connection to a device that spoofs the MAC address of a lock, which compromises the legitimate locks integrity."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-15T17:08:11.547Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2023-7004",
"x_generator": {
"engine": "VINCE 2.1.11",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2023-7004"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2023-7004",
"datePublished": "2024-03-15T17:08:11.547Z",
"dateReserved": "2023-12-20T14:56:26.682Z",
"dateUpdated": "2025-11-04T18:22:06.692Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-6960 (GCVE-0-2023-6960)
Vulnerability from nvd – Published: 2024-03-15 17:09 – Updated: 2025-11-04 18:22
VLAI
EPSS
VEX
Title
CVE-2023-6960
Summary
TTLock App virtual keys and settings are only deleted client side, and if preserved, can access the lock after intended deletion.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
2 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Sciener | TTLock App |
Affected:
6.4.5 , ≤ 6.4.5
(custom)
|
|
| sciener | ttlock_app |
Affected:
0 , ≤ 6.4.5
(custom)
cpe:2.3:a:sciener:ttlock_app:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sciener:ttlock_app:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ttlock_app",
"vendor": "sciener",
"versions": [
{
"lessThanOrEqual": "6.4.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-6960",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-18T14:03:29.310178Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T20:27:57.800Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:22:04.237Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
},
{
"url": "https://www.kb.cert.org/vuls/id/949046"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TTLock App",
"vendor": "Sciener",
"versions": [
{
"lessThanOrEqual": "6.4.5",
"status": "affected",
"version": "6.4.5",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TTLock App virtual keys and settings are only deleted client side, and if preserved, can access the lock after intended deletion."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-324: Use of a Key Past its Expiration Date",
"lang": "en"
}
]
},
{
"descriptions": [
{
"description": "CWE-603: Use of Client-Side Authentication",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-15T17:09:26.926Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2023-6960",
"x_generator": {
"engine": "VINCE 2.1.11",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2023-6960"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2023-6960",
"datePublished": "2024-03-15T17:09:26.926Z",
"dateReserved": "2023-12-19T19:28:41.442Z",
"dateUpdated": "2025-11-04T18:22:04.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-7005 (GCVE-0-2023-7005)
Vulnerability from cvelistv5 – Published: 2024-12-19 17:35 – Updated: 2025-11-04 18:22
VLAI
EPSS
VEX
Title
CVE-2023-7005
Summary
A specially crafted message can be sent to the TTLock App that downgrades the encryption protocol used for communication, and can be utilized to compromise the lock, such as through revealing the unlockKey field.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-757 - Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
- CWE-noinfo Not enough information
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Sciener | TTLock App |
Affected:
6.4.5 , ≤ 6.4.5
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-7005",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-20T17:42:17.781968Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-20T17:47:11.828Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:22:07.890Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.kb.cert.org/vuls/id/949046"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TTLock App",
"vendor": "Sciener",
"versions": [
{
"lessThanOrEqual": "6.4.5",
"status": "affected",
"version": "6.4.5",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A specially crafted message can be sent to the TTLock App that downgrades the encryption protocol used for communication, and can be utilized to compromise the lock, such as through revealing the unlockKey field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-757: Selection of Less-Secure Algorithm During Negotiation (\u0027Algorithm Downgrade\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T17:35:45.594Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2023-7005",
"x_generator": {
"engine": "VINCE 3.0.11",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2023-7005"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2023-7005",
"datePublished": "2024-12-19T17:35:45.594Z",
"dateReserved": "2023-12-20T14:58:39.182Z",
"dateUpdated": "2025-11-04T18:22:07.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-6960 (GCVE-0-2023-6960)
Vulnerability from cvelistv5 – Published: 2024-03-15 17:09 – Updated: 2025-11-04 18:22
VLAI
EPSS
VEX
Title
CVE-2023-6960
Summary
TTLock App virtual keys and settings are only deleted client side, and if preserved, can access the lock after intended deletion.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
2 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Sciener | TTLock App |
Affected:
6.4.5 , ≤ 6.4.5
(custom)
|
|
| sciener | ttlock_app |
Affected:
0 , ≤ 6.4.5
(custom)
cpe:2.3:a:sciener:ttlock_app:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sciener:ttlock_app:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ttlock_app",
"vendor": "sciener",
"versions": [
{
"lessThanOrEqual": "6.4.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-6960",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-18T14:03:29.310178Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T20:27:57.800Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:22:04.237Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
},
{
"url": "https://www.kb.cert.org/vuls/id/949046"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TTLock App",
"vendor": "Sciener",
"versions": [
{
"lessThanOrEqual": "6.4.5",
"status": "affected",
"version": "6.4.5",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TTLock App virtual keys and settings are only deleted client side, and if preserved, can access the lock after intended deletion."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-324: Use of a Key Past its Expiration Date",
"lang": "en"
}
]
},
{
"descriptions": [
{
"description": "CWE-603: Use of Client-Side Authentication",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-15T17:09:26.926Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2023-6960",
"x_generator": {
"engine": "VINCE 2.1.11",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2023-6960"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2023-6960",
"datePublished": "2024-03-15T17:09:26.926Z",
"dateReserved": "2023-12-19T19:28:41.442Z",
"dateUpdated": "2025-11-04T18:22:04.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-7004 (GCVE-0-2023-7004)
Vulnerability from cvelistv5 – Published: 2024-03-15 17:08 – Updated: 2025-11-04 18:22
VLAI
EPSS
VEX
Title
CVE-2023-7004
Summary
The TTLock App does not employ proper verification procedures to ensure that it is communicating with the expected device, allowing for connection to a device that spoofs the MAC address of a lock, which compromises the legitimate locks integrity.
Severity
6.5 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-319 Cleartext Transmission of Sensitive Information
- CWE-940 - Improper Verification of Source of a Communication Channel
Assigner
References
2 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Sciener | TTLock App |
Affected:
6.4.5 , ≤ 6.4.5
(custom)
|
|
| sciener | ttlock_app |
Affected:
6.4.5
cpe:2.3:a:sciener:ttlock_app:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:22:06.692Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
},
{
"url": "https://www.kb.cert.org/vuls/id/949046"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sciener:ttlock_app:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ttlock_app",
"vendor": "sciener",
"versions": [
{
"status": "affected",
"version": "6.4.5"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-7004",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-18T18:47:46.273560Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-940",
"description": "CWE-940 Improper Verification of Source of a Communication Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-26T16:11:15.238Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "TTLock App",
"vendor": "Sciener",
"versions": [
{
"lessThanOrEqual": "6.4.5",
"status": "affected",
"version": "6.4.5",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The TTLock App does not employ proper verification procedures to ensure that it is communicating with the expected device, allowing for connection to a device that spoofs the MAC address of a lock, which compromises the legitimate locks integrity."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-15T17:08:11.547Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2023-7004",
"x_generator": {
"engine": "VINCE 2.1.11",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2023-7004"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2023-7004",
"datePublished": "2024-03-15T17:08:11.547Z",
"dateReserved": "2023-12-20T14:56:26.682Z",
"dateUpdated": "2025-11-04T18:22:06.692Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}