CVE-2023-0896

Published: May 1, 2023Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A default password was reported in Lenovo Smart Clock Essential with Alexa Built In that could allow unauthorized device access to an attacker with local network access.

Affected (1)

Products: Lenovo: Smart Clock Essential With Alexa Built In Firmware

Lenovo

1 product

Smart Clock Essential With Alexa Built In Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Smart Clock Essential With Alexa Built In Firmware	Before 90

Running on/with	Platform Versions
Lenovo Smart Clock Essential With Alexa Built In	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (3)

https://support.lenovo.com/us/en/product_security/LEN-113714

Source: psirt@lenovo.com

Vendor Advisory

https://support.lenovo.com/us/en/product_security/LEN-113714

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1692

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.