CVE-2023-1752

Published: Apr 4, 2023Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

The listed versions of Nexx Smart Home devices could allow any user to register an already registered alarm or associated device with only the device’s MAC address.

Affected (4)

Products: Getnexx: Nxal 100 Firmware, Nxg 100b Firmware, Nxpg 100w Firmware, Nxg 200 Firmware

4 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Getnexx Nxal 100 Firmware	Up to nxal100v-p1-9-1

Running on/with	Platform Versions
Getnexx Nxal 100	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Getnexx Nxg 100b Firmware	Up to nxg100bv-p3-4-1

Running on/with	Platform Versions
Getnexx Nxg 100b	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Getnexx Nxpg 100w Firmware	Up to nxpg100cv4-0-0

Running on/with	Platform Versions
Getnexx Nxpg 100w	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Getnexx Nxg 200 Firmware	Up to nxg200v-p3-4-1

Running on/with	Platform Versions
Getnexx Nxg 200	All versions

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

https://www.cisa.gov/news-events/ics-advisories/icsa-23-094-01

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://www.cisa.gov/news-events/ics-advisories/icsa-23-094-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.