CVE-2023-25946

Summary

Authentication bypass vulnerability in Qrio Lock (Q-SL2) firmware version 2.0.9 and earlier allows a network-adjacent attacker to analyze the product's communication data and conduct an arbitrary operation under certain conditions.

Affected Software

VendorProductVersion RangeStatus
Qrio, inc.Qrio Lock (Q-SL2)firmware version 2.0.9 and earlieraffected

Weaknesses

  • Authentication bypass by capture-replay

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References