CVE-2017-17436

Published: Dic 07, 2017 Last Modified: Apr 20, 2025 EU-VD ID: EUVD-2017-8600 Aliases: GSD-2017-17436

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 8,8

Source: [email protected]

Attack Vector: adjacent_network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: high

Availability: high

LOW 3,3

Source: [email protected]

Access Vector: adjacent_network

Access Complexity: low

Authentication: none

Confidentiality: partial

Integrity: none

Availability: none

Description

AI Translation Available

An issue was discovered in the software on Vaultek Gun Safe VT20i products. There is no encryption of the session between the Android application and the safe. The website and marketing materials advertise that this communication channel is encrypted with 'Highest Level Bluetooth Encryption' and 'Data transmissions are secure via AES256 bit encryption.' These claims, however, are not true. Moreover, AES256 bit encryption is not supported in the Bluetooth Low Energy (BLE) standard, so it would have to be at the application level. This lack of encryption allows an individual to learn the passcode by eavesdropping on the communications between the application and the safe.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0003

Percentile

0,1th

Updated

EPSS Score Trend (Last 90 Days)

326

Inadequate Encryption Strength

Draft

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control Confidentiality

Potential Impacts:

Bypass Protection Mechanism Read Application Data

Applicable Platforms

All platforms may be affected

View CWE Details

Operating System

Vt20I Firmware by Vaulteksafe

Product Information

Vendor Vaulteksafe

Product Vt20I Firmware

Version -

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:vaulteksafe:vt20i_firmware:-:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

https://vaulteksafe.com/index.php/cve-2017-17435/

Mitigation Vendor Advisory

https://vaulteksafe.com/index.php/cve-2017-17435/

https://www.twosixlabs.com/bluesteal-popping-gatt-safes/

Third Party Advisory

https://www.twosixlabs.com/bluesteal-popping-gatt-safes/

https://vaulteksafe.com/index.php/cve-2017-17435/

Mitigation Vendor Advisory

https://vaulteksafe.com/index.php/cve-2017-17435/

https://www.twosixlabs.com/bluesteal-popping-gatt-safes/

Third Party Advisory

https://www.twosixlabs.com/bluesteal-popping-gatt-safes/

CVE-2017-17436

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 90 Days)

Inadequate Encryption Strength

Common Consequences

Applicable Platforms

Vt20I Firmware by Vaulteksafe

Product Information

Iscriviti alla newsletter