78 matches found
多款Nexx产品授权问题漏洞
Nexx Garage Door Controller and others are products of Nexx Corporation.Nexx Garage Door Controller is a garage door controller.Nexx Smart Plug is a smart plug.Nexx Smart Alarm is a smart alarm. A security vulnerability exists in the Nexx Smart Home Device that stems from allowing any user to...
PT-2023-2619 · Nexx · Nexx Smart Alarm +2
Name of the Vulnerable Software and Affected Versions: Nexx Garage Door Controller versions NXG-100B, NXG-200 Nexx Smart Plug version NXPG-100W Nexx Smart Alarm version NXAL-100 Description: The issue is related to the use of hard-coded credentials in the firmware of Nexx Smart Home devices. This...
PT-2023-2623 · Nexx · Nexx Garage Door Controller +3
Name of the Vulnerable Software and Affected Versions: Nexx Smart Home devices affected versions not specified Nexx Garage Door Controller NXG-100B, NXG-200 Nexx Smart Plug NXPG-100W Nexx Smart Alarm NXAL-100 Description: The issue is related to weaknesses in the authentication procedure of Nexx...
PT-2023-2620 · Nexx · Nexx Smart Alarm +2
Name of the Vulnerable Software and Affected Versions: Nexx Garage Door Controller versions NXG-100B, NXG-200 Nexx Smart Plug version NXPG-100W Nexx Smart Alarm version NXAL-100 Description: The issue is related to a lack of proper access control when executing actions on Nexx Smart Home devices...
多款Nexx产品信任管理问题漏洞
Nexx Garage Door Controller and others are products of Nexx Corporation.Nexx Garage Door Controller is a garage door controller.Nexx Smart Plug is a smart plug.Nexx Smart Alarm is a smart alarm. A security vulnerability exists in the Nexx Smart Home Device that stems from the use of hard-coded...
D-Link DSP-W215 null pointer dereference vulnerability
The D-Link DSP-W215 is a smart plug product from D-Link, a Taiwan-based company. A security vulnerability exists in the D-Link DSP-W215 1.10, which can be exploited by attackers to cause a denial of service for related devices...
‘Insight’ into Home Automation Reveals Vulnerability in Simple IoT Product
ARCHIVED STORY ‘Insight’ into Home Automation Reveals Vulnerability in Simple IoT Product By Douglas McKee · August 18, 2020 Eoin Carroll, Charles McFarland, Kevin McGrath, and Mark Bereza contributed to this report. The Internet of Things promises to make our lives easier. Want to remotely turn...
‘Insight’ into Home Automation Reveals Vulnerability in Simple IoT Product
ARCHIVED STORY ‘Insight’ into Home Automation Reveals Vulnerability in Simple IoT Product By Douglas McKee · August 18, 2020 Eoin Carroll, Charles McFarland, Kevin McGrath, and Mark Bereza contributed to this report. The Internet of Things promises to make our lives easier. Want to remotely turn...
D-Link DSP-W215 Information Disclosure Vulnerability (CNVD-2020-33174)
The D-Link DSP-W215 is a smart plug product from Taiwan, China-based AUO D-Link. A security vulnerability exists in D-Link DSP-W215 version 1.26b03. An attacker can exploit the vulnerability to cause information disclosure...
Unspecified Vulnerability in Eques Technology elf smart plug
Eques Technology elf smart plug is a smart plug device from Eques Technology in China. A security vulnerability exists in the Eques Technology elf smart plug. An attacker could use this vulnerability to discover all smart plugs in a network, take control of the device and perform actions...
CVE-2019-15745
The Eques elf smart plug and the mobile app use a hardcoded AES 256 bit key to encrypt the commands and responses between the device and the app. The communication happens over UDP port 27431. An attacker on the local network can use the same key to encrypt and send commands to discover all smart...
Hardcoded credentials
The Eques elf smart plug and the mobile app use a hardcoded AES 256 bit key to encrypt the commands and responses between the device and the app. The communication happens over UDP port 27431. An attacker on the local network can use the same key to encrypt and send commands to discover all smart...
CVE-2019-15745
The CVE-2019-15745 entry concerns the Eques elf smart plug (and its mobile app). The vulnerability arises from a hardcoded AES-256 key used to encrypt commands/responses between the device and the app, with communication over UDP port 27431. According to the sources, an attacker on the local netw...
CVE-2019-15745
The Eques elf smart plug and the mobile app use a hardcoded AES 256 bit key to encrypt the commands and responses between the device and the app. The communication happens over UDP port 27431. An attacker on the local network can use the same key to encrypt and send commands to discover all smart...
IoT Zero-Days – Is Belkin WeMo Smart Plug the Next Malware Target?
ARCHIVED STORY IoT Zero-Days – Is Belkin WeMo Smart Plug the Next Malware Target? By Steve Povolny · April 18, 2019 Effective malware is typically developed with intention, targeting specific victims using either known or unknown vulnerabilities to achieve its primary functions. In this blog, we...
IoT Zero-Days – Is Belkin WeMo Smart Plug the Next Malware Target?
ARCHIVED STORY IoT Zero-Days – Is Belkin WeMo Smart Plug the Next Malware Target? By Steve Povolny · April 18, 2019 Effective malware is typically developed with intention, targeting specific victims using either known or unknown vulnerabilities to achieve its primary functions. In this blog, we...
Belkin Wemo Insight Smart Plug Stack Buffer Overflow Vulnerability
Belkin Wemo Insight Smart Plug is a smart plug device from Belkin USA. A stack buffer overflow vulnerability exists in the libUPnPHndlr.so file in the Belkin Wemo Insight Smart Plug. A remote attacker can exploit this vulnerability to bypass local security protections with the help of specially...
CVE-2018-6692 Wemo Insight Smart Plug - Remote Code Execution vulnerability
Stack-based Buffer Overflow vulnerability in libUPnPHndlr.so in Belkin Wemo Insight Smart Plug allows remote attackers to bypass local security protection via a crafted HTTP post packet...
CVE-2018-6692
CVE-2018-6692 describes a stack-based buffer overflow in Belkin’s Wemo Insight Smart Plug, specifically in the library libUPnPHndlr.so. The flaw can be triggered by crafting an HTTP POST to UPnP endpoints (notably through the EnergyPerUnitCostVersion field inside a SOAP/UPnP payload), leading to ...
Belkin WeMo Switch Smart Plug Detection via SSDP
Binary data 700294.prm...