Challenge response can be retried indefinitely upon failure

Aleph Research Advisory

Identifier

CVE-2023-7003

Severity

Moderate

Product

Sciener Smart Locks

Technical Details

The AES key utilized in the pairing process between a lock using Sciener firmware and a wireless keypad is not unique, and can be reused compromise other locks using the Sciener firmware. This AES key can be utilized to connect to any other Sciener lock that supports wireless keypads, without user knowledge or interaction.

Timeline

29-Oct-23
: Reported
21-Dec-23
: CVE-2023-7003 assigned
07-Mar-24
: Public disclosure

Credit

aronsky of Aleph Research, HCL Software
idan-strovinsky of Aleph Research, HCL Software
tomer-telem of Aleph Research, HCL Software