CVE-2018-16242

Published: 14/09/2018 | Updated: 03/10/2019
CVSS v2 Base Score: 2.9 | Impact Score: 2.9 | Exploitability Score: 5.5
CVSS v3 Base Score: 5.3 | Impact Score: 3.6 | Exploitability Score: 1.6
VMScore: 258
Vector: AV:A/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

oBike relies on Hangzhou Luoping Smart Locker to lock bicycles, which allows malicious users to bypass the locking mechanism by using Bluetooth Low Energy (BLE) to replay ciphertext based on a predictable nonce used in the locking protocol.

Vulnerable Product

o.bike smart_locker_firmware -

o.bike obike-stationless bike sharing 2.5.4

Exploits

oBike Electronic Lock suffers from an access control bypass vulnerability via a replay attack on a predictable nonce ...

Github Repositories

Reverse engineering of the oBike protocol communication (BLE and HTTP)

oBike Protocol Description (BLE/HTTP)

This document provides an analysis of the oBike communication protocols as of January 2018. Results have been presented at the insomni'hack security conference 2019 (slides, recording) as well as at the AREA41 security conference 2018 (slides, recording).

General oBike Communication

The oBike lock consists of a TI CC2541 microcontroller