10

CVE-2023-1748

EPSS 0.12%
Veröffentlicht 04.04.2023 17:15:07
Zuletzt bearbeitet 21.11.2024 07:39:49
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

The listed versions of Nexx Smart Home devices use hard-coded credentials. An attacker with unauthenticated access to the Nexx Home mobile application or the affected firmware could view the credentials and access the MQ Telemetry Server (MQTT) server and the ability to remotely control garage doors or smart plugs for any customer.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Getnexx ≫ Nxal-100 Firmware Version <= nxal100v-p1-9-1

Getnexx ≫ Nxal-100 Version-

Getnexx ≫ Nxg-100b Firmware Version <= nxg100bv-p3-4-1

Getnexx ≫ Nxg-100b Version-

Getnexx ≫ Nxpg-100w Firmware Version <= nxpg100cv4-0-0

Getnexx ≫ Nxpg-100w Version-

Getnexx ≫ Nxg-200 Firmware Version <= nxg200v-p3-4-1

Getnexx ≫ Nxg-200 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.12%	0.312

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	10	3.9	6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
ics-cert@hq.dhs.gov	9.3	3.9	4.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://www.cisa.gov/news-events/ics-advisories/icsa-23-094-01

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2023-1748

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-1748

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-1748

EUVD