Vulnerabilities > CVE-2022-36228 - Missing Authorization vulnerability in Janusintl products

CVSS 6.5 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

low complexity

janusintl

CWE-862

NVD

Published: 2023-10-09

Updated: 2024-11-21

Summary

Nokelock Smart padlock O1 Version 5.3.0 is vulnerable to Insecure Permissions. By sending a request, you can add any device and set the device password in the Nokelock app.

Vulnerable Configurations

Part	Description	Count
OS	Janusintl Janusintl Noke Standard Smart Padlock Firmware 5.3.0 Janusintl Noke HD Smart Padlock Firmware 5.3.0 Janusintl Noke Hd+ Smart Padlock Firmware 5.3.0	3
Hardware	Janusintl Janusintl Noke Standard Smart Padlock - Janusintl Noke HD Smart Padlock - Janusintl Noke Hd+ Smart Padlock -	3

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://gist.github.com/YTrick/59c06611052d3fdae034e7087293bbc0
https://gist.github.com/YTrick/59c06611052d3fdae034e7087293bbc0