Ismartalarm Security Vulnerabilities

CVE-2018-16222

Cleartext Storage of credentials in the iSmartAlarmData.xml configuration file in the iSmartAlarm application through 2.0.8 for Android allows an attacker to retrieve the username and...

CVE-2018-16224

Incorrect access control for the diagnostic files of the iSmartAlarm Cube One through 2.2.4.10 allows an attacker to retrieve them via a specifically crafted TCP request to port 12345 and 22306, and access sensitive information from the...

CVE-2017-13664

Password file exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to execute arbitrary commands with administrative privileges by retrieving credentials from this...

CVE-2017-13663

Encryption key exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to decrypt log files via an exposed...

CVE-2017-7729

On iSmartAlarm cube devices, there is Incorrect Access Control because a "new key" is transmitted in...

CVE-2017-7726

iSmartAlarm cube devices have an SSL Certificate Validation...

CVE-2017-7728

On iSmartAlarm cube devices, there is authentication bypass leading to remote execution of commands (e.g., setting the alarm on/off), related to incorrect...

CVE-2017-7730

iSmartAlarm cube devices allow Denial of Service. Sending a SYN flood on port 12345 will freeze the "cube" and it will stop...