← back
CVE-2024-36438

CVE-2024-36438

CVSS 7.3 HIGHEPSS 0.2%CWE-1263CWE-284CWE-285
In short

The eLinkSmart Hidden Smart Cabinet Lock fails to properly check if a user is authorized before allowing actions, which means attackers can duplicate access cards and gain unauthorized entry to cabinets.

Technical detail

The device implements insufficient authorization checks (CWE-284, CWE-285) for card management operations, allowing an unauthenticated or low-privileged attacker to duplicate valid access credentials without proper access control validation, potentially leading to unauthorized cabinet access and compromise of physical security.

Summary generated and translated by AI from the official description.
eLinkSmart Hidden Smart Cabinet Lock 2024-05-22 has Incorrect Access Control and fails to perform an authorization check which can lead to card duplication and other attacks.
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-044.txthttps://www.syss.de/pentest-blog/