Login Sign Up

CVE-2022-32507

8.8 HIGH
Authentication Bypass

📋 TL;DR

This vulnerability allows unprivileged users to execute Bluetooth Low Energy (BLE) commands that should require privileged access on Nuki smart locks. It affects Nuki Smart Lock 3.0 before version 3.3.5 and Nuki Smart Lock 2.0 before version 2.12.4, enabling unauthorized control of the locks.

💻 Affected Systems

Products:
  • Nuki Smart Lock 3.0
  • Nuki Smart Lock 2.0
Versions: Nuki Smart Lock 3.0: versions before 3.3.5; Nuki Smart Lock 2.0: versions before 2.12.4
Operating Systems: Nuki firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running affected firmware versions are vulnerable by default. Exploitation requires physical proximity to the lock via Bluetooth Low Energy.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers within BLE range could unlock doors, change lock settings, or disable security features without authorization, potentially leading to physical security breaches.

🟠

Likely Case

Unauthorized users with BLE access could unlock doors or manipulate lock settings, compromising home or building security.

🟢

If Mitigated

With proper access controls, only authorized users could execute privileged BLE commands, maintaining intended security functionality.

🌐 Internet-Facing: LOW (Exploitation requires physical proximity via BLE, not internet connectivity)
🏢 Internal Only: HIGH (Attackers within BLE range can exploit without authentication)

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Technical details and proof-of-concept are publicly available in research publications. Exploitation requires BLE-capable device and proximity to the lock.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Nuki Smart Lock 3.0: 3.3.5 or later; Nuki Smart Lock 2.0: 2.12.4 or later

Vendor Advisory: https://nuki.io/en/security-updates/

Restart Required: Yes

Instructions:

1. Open Nuki app on your smartphone. 2. Navigate to your lock's settings. 3. Check for firmware updates. 4. If update available, install it. 5. The lock will restart automatically after update.

🔧 Temporary Workarounds

Disable Bluetooth when not in use

all

Temporarily disable Bluetooth functionality on the lock to prevent BLE attacks (limits remote access functionality)

Increase physical security monitoring

all

Enhance surveillance and physical access controls around vulnerable locks

🧯 If You Can't Patch

  • Physically secure the lock location to prevent unauthorized BLE proximity
  • Implement additional physical security measures (cameras, alarms, secondary locks)

🔍 How to Verify

Check if Vulnerable:

Check firmware version in Nuki app: Settings > Your Lock > Firmware Version

Check Version:

Nuki app: Settings > Your Lock > Firmware Version

Verify Fix Applied:

Confirm firmware version is 3.3.5 or later for Smart Lock 3.0, or 2.12.4 or later for Smart Lock 2.0

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed BLE authentication attempts
  • Unusual BLE command patterns from unknown devices

Network Indicators:

  • Unusual BLE traffic patterns near lock locations
  • BLE connections from unauthorized devices

SIEM Query:

Not applicable - physical BLE attacks don't generate traditional network logs

📊 Metadata

CVE ID: CVE-2022-32507
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-284
Published: May 14, 2024
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-32507, you might also want to check these:

CVE-2021-34795 10.0

This critical vulnerability in Cisco Catalyst PON Series Switches ONT web management interface allow...

Same vulnerability type (CWE-284)
CVE-2021-40113 10.0

Multiple vulnerabilities in Cisco Catalyst PON Series Switches ONT web management interface allow un...

Same vulnerability type (CWE-284)
CVE-2026-21636 10.0

A critical vulnerability in Node.js v25's experimental permission model allows attacker-controlled i...

Same vulnerability type (CWE-284)