CVE-2023-1751

Published: Apr 4, 2023Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

The listed versions of Nexx Smart Home devices use a WebSocket server that does not validate if the bearer token in the Authorization header belongs to the device attempting to associate. This could allow any authorized user to receive alarm information and signals meant for other devices which leak a deviceId.

Affected (4)

Products: Getnexx: Nxal 100 Firmware, Nxg 100b Firmware, Nxpg 100w Firmware, Nxg 200 Firmware

4 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Getnexx Nxal 100 Firmware	Up to nxal100v-p1-9-1

Running on/with	Platform Versions
Getnexx Nxal 100	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Getnexx Nxg 100b Firmware	Up to nxg100bv-p3-4-1

Running on/with	Platform Versions
Getnexx Nxg 100b	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Getnexx Nxpg 100w Firmware	Up to nxpg100cv4-0-0

Running on/with	Platform Versions
Getnexx Nxpg 100w	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Getnexx Nxg 200 Firmware	Up to nxg200v-p3-4-1

Running on/with	Platform Versions
Getnexx Nxg 200	All versions

References (2)

https://www.cisa.gov/news-events/ics-advisories/icsa-23-094-01

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://www.cisa.gov/news-events/ics-advisories/icsa-23-094-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.