CVE-2018-16224
- EPSS 6.59%
- Veröffentlicht 20.11.2018 19:29:00
- Zuletzt bearbeitet 21.11.2024 03:52:19
Incorrect access control for the diagnostic files of the iSmartAlarm Cube One through 2.2.4.10 allows an attacker to retrieve them via a specifically crafted TCP request to port 12345 and 22306, and access sensitive information from the device.
CVE-2017-13663
- EPSS 0.44%
- Veröffentlicht 01.12.2017 17:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Encryption key exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to decrypt log files via an exposed key.
CVE-2017-13664
- EPSS 1.54%
- Veröffentlicht 01.12.2017 17:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Password file exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to execute arbitrary commands with administrative privileges by retrieving credentials from this file.
CVE-2017-7726
- EPSS 0.73%
- Veröffentlicht 11.07.2017 17:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
iSmartAlarm cube devices have an SSL Certificate Validation Vulnerability.
CVE-2017-7728
- EPSS 3.42%
- Veröffentlicht 11.07.2017 17:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
On iSmartAlarm cube devices, there is authentication bypass leading to remote execution of commands (e.g., setting the alarm on/off), related to incorrect cryptography.
CVE-2017-7729
- EPSS 0.67%
- Veröffentlicht 11.07.2017 17:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
On iSmartAlarm cube devices, there is Incorrect Access Control because a "new key" is transmitted in cleartext.
CVE-2017-7730
- EPSS 1.25%
- Veröffentlicht 11.07.2017 17:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
iSmartAlarm cube devices allow Denial of Service. Sending a SYN flood on port 12345 will freeze the "cube" and it will stop responding.