Lucene search

MitreCVE-2023-36160

HistorySep 16, 2023 - 12:15 a.m.

CVE-2023-36160

2023-09-1600:15:07

mitre

web.nvd.nist.gov

qubo smart plug

vulnerability

cve-2023-36160

information disclosure

uart console

local attack

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.5

Confidence

High

EPSS

Percentile

5.1%

JSON

An issue was discovered in Qubo Smart Plug10A version HSP02_01_01_14_SYSTEM-10 A, allows local attackers to gain sensitive information and other unspecified impact via UART console.

Affected configurations

Nvd

Node

quboworldsmart_plug_10a_firmwareMatchhsp02_01_01_14_system-10_a

AND

quboworldsmart_plug_10aMatch-

VendorProductVersionCPE
quboworldsmart_plug_10a_firmwarehsp02_01_01_14_system-10_acpe:2.3:o:quboworld:smart_plug_10a_firmware:hsp02_01_01_14_system-10_a:*:*:*:*:*:*:*
quboworldsmart_plug_10a-cpe:2.3:h:quboworld:smart_plug_10a:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
quboworld	smart_plug_10a_firmware	hsp02_01_01_14_system-10_a	cpe:2.3:o:quboworld:smart_plug_10a_firmware:hsp02_01_01_14_system-10_a:::::::*
quboworld	smart_plug_10a	-	cpe:2.3:h:quboworld:smart_plug_10a:-:::::::*

References

github.com/Yashodhanvivek/Qubo_smart_switch_security_assessment/blob/main/Qubo_Smart_Plug_10A_Security_Assessment.pdf

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.5

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2023-36160