7.2

CVE-2020-24395

EPSS 0.02%
Veröffentlicht 20.05.2021 14:15:07
Zuletzt bearbeitet 21.11.2024 05:14:44
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The USB firmware update script of homee Brain Cube v2 (2.28.2 and 2.28.4) devices allows an attacker with physical access to install compromised firmware. This occurs because of insufficient validation of the firmware image file and can lead to code execution on the device.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Hom.Ee ≫ Brain Cube Core Version2.28.2

Hom.Ee ≫ Brain Cube Version-

Hom.Ee ≫ Brain Cube Core Version2.28.4

Hom.Ee ≫ Brain Cube Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.036

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	0.9	5.9	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-345 Insufficient Verification of Data Authenticity

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

https://www.syss.de/pentest-blog/

Third Party Advisory

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-026.txt

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-24395

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-24395

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-24395

EUVD