Garage Door Openers Open to Hijacking, Thanks to Unpatched Security Vulns

Published: 23/11/2024   Category: security



CISA is advising Nexx customers to unplug impacted devices until the security issues are addressed — but so far, it's crickets as to patch timeline.



Garage door controllers, smart plugs, and smart alarms sold by Nexx contain cybersecurity vulnerabilities that could enable cyberattackers to crack open home garage doors, take over smart plugs, and gain remote control of smart alarms, according to the US Cybersecurity and Infrastructure Security Agency (CISA).
And although independent cybersecurity researcher Sam Sabetan reported that he discovered several vulnerabilities in late 2022 and alerted Nexx to the issues, the company has yet to respond.
Nexx has not replied to Dark Reading's request for comment, either.
CISA's April 4 warning applies to three specific Nexx Internet of Things (IoT) products: Nexx Garage Door Controller (NXG-100B, NXG-200), version nxg200v-p3-4-1 and prior; Nexx Smart Plug (NXPG-100W), version nxpg100cv4-0-0 and prior; and Nexx Smart Alarm (NXAL-100), version nxal100v-p1-9-1 and prior.
The Nexx products have five identified vulnerabilities, according to CISA, the most severe of which carries a critical CVSS score of 9.3.
CVE-2023-1748: Use of Hard-Coded Credentials CWE-798 (CVSS 9.3)
CVE-2023-1749: Authorization Bypass Through User-Controlled Key CWE-639 (CVSS 6.5)
CVE-2023-1750: Authorization Bypass Through User-Controlled Key CWE-639 (CVSS 7.1)
CVE-2023-1751: Improper Input Validation CWE-20 (CVSS 7.5)
CVE-2023-1752: Improper Authentication CWE-287 (CVSS 8.1)
Until Nexx issues a fix, Sabetan and CISA recommend that users unplug affected devices. 
"If you are a Nexx customer, I strongly recommend disconnecting your devices and contacting Nexx to inquire about remediation steps," Sabetan said in his disclosure. "It is crucial for consumers to be aware of the potential risks associated with IoT devices and to demand higher security standards from manufacturers."
