CVE-2017-7726

iSmartAlarm cube devices have an SSL Certificate Validation Vulnerability.

CVE-2017-13663

Encryption key exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to decrypt log files via an exposed key.

CVE-2017-7729

On iSmartAlarm cube devices, there is Incorrect Access Control because a "new key" is transmitted in cleartext.

CVE-2017-7730

iSmartAlarm cube devices allow Denial of Service. Sending a SYN flood on port 12345 will freeze the "cube" and it will stop responding.