Lucene search

IcscertCVELIST:CVE-2023-1752

HistoryApr 04, 2023 - 4:55 p.m.

CVE-2023-1752 CVE-2023-1752

2023-04-0416:55:40

icscert

www.cve.org

cve-2023-1752

nexx smart home

device registration

security vulnerability

mac address

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

8.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.2%

JSON

The listed versions of Nexx Smart Home devices could allow any user to register an already registered alarm or associated device with only the device’s MAC address.

CNA Affected

[
  {
    "vendor": "Nexx",
    "product": "Smart Alarm NXAL-100",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThanOrEqual": "nxal100v-p1-9-1",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Nexx",
    "product": "Smart Plug NXPG-100W",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThanOrEqual": "nxpg100cv4-0-0",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Nexx",
    "product": "Garage Door Controller NXG-100B, NXG-200",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThanOrEqual": "nxg200v-p3-4-1",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-23-094-01

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

8.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.2%

JSON

Related for CVELIST:CVE-2023-1752