8.1
CVE-2023-1752
- EPSS 0.18%
- Veröffentlicht 04.04.2023 17:15:07
- Zuletzt bearbeitet 21.11.2024 07:39:49
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginThe listed versions of Nexx Smart Home devices could allow any user to register an already registered alarm or associated device with only the device’s MAC address.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Getnexx ≫ Nxal-100 Firmware Version <= nxal100v-p1-9-1
Getnexx ≫ Nxg-100b Firmware Version <= nxg100bv-p3-4-1
Getnexx ≫ Nxpg-100w Firmware Version <= nxpg100cv4-0-0
Getnexx ≫ Nxg-200 Firmware Version <= nxg200v-p3-4-1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.18% | 0.392 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
|
| ics-cert@hq.dhs.gov | 8.1 | 2.8 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.