| عنوان | motogadget mo.lock NFC CWE-290, CWE-327, CWE-1394 |
|---|
| الوصف | RESERVED IDENTIFIER: CVE-2025-6666
This vulnerability in the motogadget mo.lock ignition lock (NFC version) allows an attacker to duplicate an ignition key by exploiting a hard-coded cryptographic key and a weak authentication protocol.
The issue stems from the device's reliance on a preprogrammed "master key" that is shared globally across all units for password derivation. Because of this global reuse, an attacker can with brief physical proximity can perform a high-speed non-privileged read of a key's serial number using standard NFC reading equipment such as a smartphone. Subsequently, the serial number can be replayed to any mo.lock NFC unit to brute-force the low-entropy password verification value used for authentication. This allows for successful authentication bypass by spoofing the original key, and results in unauthorized vehicle ignition. |
|---|
| المصدر | ⚠️ https://office.dngr.us/s/iZHrwtf2xRPoeJj/download |
|---|
| المستخدم | drewbug (UID 92544) |
|---|
| ارسال | 25/11/2025 02:07 PM (7 أشهر منذ) |
|---|
| الاعتدال | 29/11/2025 09:56 AM (4 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 333785 [motogadget mo.lock Ignition Lock حتى 20251125 NFC تشفير ضعيف] |
|---|
| النقاط | 20 |
|---|