ID

VAR-201809-0942


CVE

CVE-2018-16242


TITLE

Hangzhou Luoping Smart Locker access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-011165

DESCRIPTION

oBike relies on Hangzhou Luoping Smart Locker to lock bicycles, which allows attackers to bypass the locking mechanism by using Bluetooth Low Energy (BLE) to replay ciphertext based on a predictable nonce used in the locking protocol. Hangzhou Luoping Smart Locker contains an access control vulnerability. Information may be tampered with. oBike is a bicycle sharing system of Singapore oBike Company. There is a security flaw in oBike

Trust: 1.71

sources: NVD: CVE-2018-16242 // JVNDB: JVNDB-2018-011165 // VULHUB: VHN-126582

AFFECTED PRODUCTS

vendor: o bike // model: obike-stationless bike sharing // scope: eq // version: 2.5.4

Trust: 1.6

vendor: o bike // model: smart locker // scope: eq // version: -

Trust: 1.6

vendor: obike // model: obike-stationless bike sharing // scope: - // version: -

Trust: 0.8

vendor: obike // model: smart locker // scope: - // version: -

Trust: 0.8

sources: JVNDB: JVNDB-2018-011165 // CNNVD: CNNVD-201809-730 // NVD: CVE-2018-16242

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-16242
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-16242
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201809-730
value: MEDIUM

Trust: 0.6

VULHUB: VHN-126582
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-16242
severity: LOW
baseScore: 2.9
vectorString: AV:A/AC:M/AU:N/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 5.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-126582
severity: LOW
baseScore: 2.9
vectorString: AV:A/AC:M/AU:N/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 5.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-16242
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.6
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-126582 // JVNDB: JVNDB-2018-011165 // CNNVD: CNNVD-201809-730 // NVD: CVE-2018-16242

PROBLEMTYPE DATA

problemtype:CWE-294

Trust: 1.1

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-126582 // JVNDB: JVNDB-2018-011165 // NVD: CVE-2018-16242

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201809-730

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201809-730

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-011165

PATCH

title: oBike-Stationless Bike Sharing // url: https://play.google.com/store/apps/details?id=com.obike&hl=en_US

Trust: 0.8

sources: JVNDB: JVNDB-2018-011165

EXTERNAL IDS

db: NVD // id: CVE-2018-16242

Trust: 2.5

db: JVNDB // id: JVNDB-2018-011165

Trust: 0.8

db: CNNVD // id: CNNVD-201809-730

Trust: 0.7

db: PACKETSTORM // id: 149357

Trust: 0.1

db: VULHUB // id: VHN-126582

Trust: 0.1

sources: VULHUB: VHN-126582 // JVNDB: JVNDB-2018-011165 // CNNVD: CNNVD-201809-730 // NVD: CVE-2018-16242

REFERENCES

url:https://seclists.org/bugtraq/2018/sep/30

Trust: 2.5

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16242

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-16242

Trust: 0.8

sources: VULHUB: VHN-126582 // JVNDB: JVNDB-2018-011165 // CNNVD: CNNVD-201809-730 // NVD: CVE-2018-16242

SOURCES

db: VULHUB // id: VHN-126582
db: JVNDB // id: JVNDB-2018-011165
db: CNNVD // id: CNNVD-201809-730
db: NVD // id: CVE-2018-16242

LAST UPDATE DATE

2024-11-23T22:00:18.061000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-126582 // date: 2019-10-03T00:00:00
db: JVNDB // id: JVNDB-2018-011165 // date: 2019-01-08T00:00:00
db: CNNVD // id: CNNVD-201809-730 // date: 2019-10-23T00:00:00
db: NVD // id: CVE-2018-16242 // date: 2024-11-21T03:52:21.760

SOURCES RELEASE DATE

db: VULHUB // id: VHN-126582 // date: 2018-09-14T00:00:00
db: JVNDB // id: JVNDB-2018-011165 // date: 2019-01-08T00:00:00
db: CNNVD // id: CNNVD-201809-730 // date: 2018-09-17T00:00:00
db: NVD // id: CVE-2018-16242 // date: 2018-09-14T21:29:03.817