Vulnerability Details: CVE-2023-25946
Authentication bypass vulnerability in Qrio Lock (Q-SL2) firmware version 2.0.9 and earlier allows a network-adjacent attacker to analyze the product's communication data and conduct an arbitrary operation under certain conditions.
Vulnerability category: Bypass, Gain privilege
Products affected by CVE-2023-25946
- cpe:2.3:o:qrio:q-sl2_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-25946
Probability of exploitation activity in the next 30 days: 0.07%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 30 %
CVSS scores for CVE-2023-25946
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.8 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
CWE ids for CVE-2023-25946
- When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-25946
- https://qrio.me/article/announce/2023/4140/
  [Added 2023.5.18] We have further strengthened the security of the Qrio Lock communication protocol | Qrio Product Information, Qrio Store | Qrio (Vendor Advisory)
- https://jvn.jp/en/jp/JVN48687031/
  JVN#48687031: Qrio Smart Lock Q-SL2 vulnerable to authentication bypass by capture-replay (Third Party Advisory)