CVE-2023-50124

{"id": "CVE-2023-50124", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}]}, "published": "2024-01-11T21:15:10.630", "references": [{"url": "https://www.secura.com/services/iot/consumer-products/security-concerns-in-popular-smart-home-devices", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "Flient Smart Door Lock v1.0 is vulnerable to Use of Default Credentials. Due to default credentials on a debug interface, in combination with certain design choices, an attacker can unlock the Flient Smart Door Lock by replacing the fingerprint that is stored on the scanner."}, {"lang": "es", "value": "Flient Smart Door Lock v1.0 es vulnerable al uso de credenciales predeterminadas. Debido a las credenciales predeterminadas en una interfaz de depuraci\u00f3n, en combinaci\u00f3n con ciertas opciones de dise\u00f1o, un atacante puede desbloquear Flient Smart Door Lock reemplazando la huella digital almacenada en el esc\u00e1ner."}], "lastModified": "2024-01-19T14:42:04.497", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:flient:smart_lock_advanced_firmware:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "447DBC97-7148-49AA-A3D9-03179AAFAEDA"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:flient:smart_lock_advanced:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D4CCF293-5319-41B1-8655-53668E0CEF67"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}