CVEs (5)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Getnexx 4Nxal 100 Firmware Nxg 100b FirmwareNxg 200 Firmware+1 moreNov 21, 2024 Apr 4, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The listed versions of Nexx Smart Home devices could allow any user to register an already registered alarm or associated device with only the device’s MAC address. |
1Getnexx 4Nxal 100 Firmware Nxg 100b FirmwareNxg 200 Firmware+1 moreNov 21, 2024 Apr 4, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 The listed versions of Nexx Smart Home devices use a WebSocket server that does not validate if the bearer token in the Authorization header belongs to the device attempting to associate. This could allow any authorized...Show more |
1Getnexx 4Nxal 100 Firmware Nxg 100b FirmwareNxg 200 Firmware+1 moreNov 21, 2024 Apr 4, 2023 N/A· v4 7.1 HIGH· v3 N/A· v2 The listed versions of Nexx Smart Home devices lack proper access control when executing actions. An attacker with a valid NexxHome deviceId could retrieve device history, set device settings, and retrieve device informa...Show more |
1Getnexx 4Nxal 100 Firmware Nxg 100b FirmwareNxg 200 Firmware+1 moreNov 21, 2024 Apr 4, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The listed versions of Nexx Smart Home devices lack proper access control when executing actions. An attacker with a valid NexxHome deviceId could send API requests that the affected devices would execute. |
1Getnexx 4Nxal 100 Firmware Nxg 100b FirmwareNxg 200 Firmware+1 moreNov 21, 2024 Apr 4, 2023 N/A· v4 10.0 CRITICAL· v3 N/A· v2 The listed versions of Nexx Smart Home devices use hard-coded credentials. An attacker with unauthenticated access to the Nexx Home mobile application or the affected firmware could view the credentials and access the MQ...Show more |