3 matches found
CVE-2023-28386
creationtimestamp| type| source ---|---|--- 2023-05-23 00:25:42+00:00| seen| https://t.me/cibsecurity/64572 2024-11-14 14:04:06+00:00| published-proof-of-concept| https://t.me/truesecator/6430...
CVE-2023-28386
Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware updates correctly. The device only calculates the MD5 hash of the firmware and does not check using a private-public key mechanism. The lack of complete PKI system firmware signature could allow attackers to upload arbitrar...
CVE-2023-28386
CVE-2023-28386 affects Snap One OvrC Pro devices (7.2 and earlier). The root cause is improper firmware update validation: only the MD5 hash is checked, with no PKI-based firmware signature verification, enabling upload of arbitrary firmware and remote code execution. Public details in multiple s...