Lucene search

[email protected]NVD:CVE-2023-39842

HistoryAug 15, 2023 - 8:15 p.m.

CVE-2023-39842

2023-08-1520:15:11

CWE-311

[email protected]

web.nvd.nist.gov

rfid

encryption

vulnerability

digoo dg-hamb

security system

CVSS3

2.4

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

3.6

Confidence

High

EPSS

Percentile

12.7%

JSON

Missing encryption in the RFID tag of Digoo DG-HAMB Smart Home Security System v1.0 allows attackers to create a cloned tag via brief physical proximity to the original device.

Affected configurations

Nvd

Node

mydigoodg-hamb_smart_home_security_system_firmwareMatch1.0

AND

mydigoodg-hamb_smart_home_security_systemMatch-

VendorProductVersionCPE
mydigoodg-hamb_smart_home_security_system_firmware1.0cpe:2.3:o:mydigoo:dg-hamb_smart_home_security_system_firmware:1.0:*:*:*:*:*:*:*
mydigoodg-hamb_smart_home_security_system-cpe:2.3:h:mydigoo:dg-hamb_smart_home_security_system:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mydigoo	dg-hamb_smart_home_security_system_firmware	1.0	cpe:2.3:o:mydigoo:dg-hamb_smart_home_security_system_firmware:1.0:::::::*
mydigoo	dg-hamb_smart_home_security_system	-	cpe:2.3:h:mydigoo:dg-hamb_smart_home_security_system:-:::::::*

References

ashallen.net/smart-security-device-rfid-vulnerability-disclosure

CVSS3

2.4

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

3.6

Confidence

High

EPSS

Percentile

12.7%

JSON

Related for NVD:CVE-2023-39842

cvelist1 cve1 prion1