MidnightBSD

Advisories for o.bike

CVE-2018-16242 LOW

oBike relies on Hangzhou Luoping Smart Locker to lock bicycles, which allows attackers to bypass the locking mechanism by using Bluetooth Low Energy (BLE) to replay ciphertext based on a predictable nonce used in the locking protocol.

CVSS 2.0

Severity: LOW

Problem Type: CWE-294,

Products Affected

Vendor Product Version
o.bike smart_locker_firmware -
o.bike obike-stationless_bike_sharing 2.5.4