Garage Door Openers Open to Hijacking, Thanks to Unpatched Security Vulns

  /     /     /  
Publicated : 23/11/2024   Category : security

Garage Door Openers Open to Hijacking, Thanks to Unpatched Security Vulns


CISA is advising Nexx customers to unplug impacted devices until the security issues are addressed — but so far, its crickets as to patch timeline.


Garage door controllers, smart plugs, and smart alarms sold by Nexx contain cybersecurity vulnerabilities that could enable cyberattackers to crack open home garage doors, take over smart plugs, and gain remote control of smart alarms, according to the US Cybersecurity and Infrastructure Security Agency (CISA).
And although independent cybersecurity researcher Sam Sabetan reported that he discovered several vulnerabilities in late 2022 and alerted Nexx to the issues, the company has yet to respond.
Nexx has not replied to Dark Readings request for comment, either.
CISAs April 4 warning
 applies to three specific Nexx
Internet of Things
 (IoT) products: Nexx Garage Door Controller (NXG-100B, NXG-200), version nxg200v-p3-4-1 and prior; Nexx Smart Plug (NXPG-100W), version nxpg100cv4-0-0 and prior; and Nexx Smart Alarm (NXAL-100), version nxal100v-p1-9-1 and prior.
The Nexx products have five identified vulnerabilities, according to CISA, the highest of which has a critical CVSS vulnerability severity score of 9.3.
CVE-2023-1748: Use of Hard-Coded Credentials CWE-798 (CVSS 9.3)
CVE-2023-1749: Authorization Bypass Through User-Controlled Key CWE-639 (CVSS 6.5)
CVE 2023-1750: Authorization Bypass Through User-Controlled Key CWE-639 (CVSS 7.1)
CVE-2023-1751: Improper Input Validation CWE-20 (CVSS 7.5)
CVE-2023-1752: Improper Authentication CWE-287 (CVSS 8.1)
Until Nexx issues a fix, Sabetan and CISA recommend that users unplug affected devices. 
If you are a Nexx customer, I strongly recommend disconnecting your devices and contacting Nexx to inquire about remediation steps,
Sabetan said in his disclosure
. It is crucial for consumers to be aware of the potential risks associated with IoT devices and to demand higher security standards from manufacturers.

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security
▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security
▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
 		Exploits Vulnerability
 		Exploit Shellcodes

CVE List
 		Tools/Apps
 		News/Aarticles

Phishing Database
 		Deepfake Detection
 		Trends/Statistics & Live Infos



Tags:
Garage Door Openers Open to Hijacking, Thanks to Unpatched Security Vulns