CVE-2023-1748

Published: Apr 4, 2023Modified: Nov 21, 2024

10.0

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 6.0

Source: NVD

Description

The listed versions of Nexx Smart Home devices use hard-coded credentials. An attacker with unauthenticated access to the Nexx Home mobile application or the affected firmware could view the credentials and access the MQ Telemetry Server (MQTT) server and the ability to remotely control garage doors or smart plugs for any customer.

Affected (4)

Products: Getnexx: Nxal 100 Firmware, Nxg 100b Firmware, Nxpg 100w Firmware, Nxg 200 Firmware

4 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Getnexx Nxal 100 Firmware	Up to nxal100v-p1-9-1

Running on/with	Platform Versions
Getnexx Nxal 100	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Getnexx Nxg 100b Firmware	Up to nxg100bv-p3-4-1

Running on/with	Platform Versions
Getnexx Nxg 100b	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Getnexx Nxpg 100w Firmware	Up to nxpg100cv4-0-0

Running on/with	Platform Versions
Getnexx Nxpg 100w	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Getnexx Nxg 200 Firmware	Up to nxg200v-p3-4-1

Running on/with	Platform Versions
Getnexx Nxg 200	All versions

Related CWEs

CWE-798

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (2)

https://www.cisa.gov/news-events/ics-advisories/icsa-23-094-01

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://www.cisa.gov/news-events/ics-advisories/icsa-23-094-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.