CVE-2022-46307 - Incorrect Authorization vulnerability in Sguda U-Lock Firmware

047910
CVSS 8.8 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH

network, low complexity, sguda, CWE-863

Summary

The lock management function of the SGUDA U-Lock central lock control service has incorrect authorization. A remote attacker with general privileges can exploit this vulnerability to call privileged APIs and acquire information about, manipulate, or disrupt the functionality of arbitrary electronic locks.

Vulnerable Configurations

Part      Description  Count
OS        Sguda        1
Hardware  Sguda        1

Common Weakness Enumeration (CWE)