CVE-2023-34625

HIGH Year: 2023
CVSS v3 Score
8.1
High
Weakness Type
CWE-294
View all →

Vulnerability Description

ShowMojo MojoBox Digital Lockbox 1.4 is vulnerable to Authentication Bypass. The implementation of the lock opening mechanism via Bluetooth Low Energy (BLE) is vulnerable to replay attacks. A malicious user is able to intercept BLE requests and replicate them to open the lock at any time. Alternatively, an attacker with physical access to the device on which the Android app is installed, can obtain the latest BLE messages via the app logs and use them for opening the lock.

Related Vulnerabilities

CVE-2017-5251

HIGH
CVSS:8.1(High)

In version 1012 and prior of Insteon's Insteon Hub, the radio transmissions used for communication between the hub and connected devices are not encrypted.

CWE-2942017

CVE-2018-17935

HIGH
CVSS:8.1(High)

All versions of Telecrane F25 Series Radio Controls before 00.0A use fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of a...

CWE-2942018

CVE-2019-12887

HIGH
CVSS:8.1(High)

KeyIdentity LinOTP before 2.10.5.3 has Incorrect Access Control (issue 1 of 2).

CWE-2942019

CVE-2019-13533

HIGH
CVSS:8.1(High)

In Omron PLC CJ series, all versions, and Omron PLC CS series, all versions, an attacker could monitor traffic between the PLC and the controller and replay requests that could result in the opening a...

CWE-2942019

CVE-2020-27157

HIGH
CVSS:8.1(High)

Veritas APTARE versions prior to 10.5 included code that bypassed the normal login process when specific authentication credentials were provided to the server. An unauthenticated user could login to ...

CWE-2942020