CVE-2023-1752 Vulnerability Details

  /     /     /  

CVE-2023-1752 Metadata Quick Info

CVE Published: 04/04/2023 | CVE Updated: 02/08/2024 | CVE Year: 2023
Source: icscert | Vendor: Nexx | Product: Smart Alarm NXAL-100
Status : PUBLISHED

---

CVE-2023-1752 Description

The listed versions of Nexx Smart Home devices could allow any user to register an already registered alarm or associated device with only the device’s MAC address.

Metrics

CVSS Version: 3.1 | Base Score: 8.1 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* LOW
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* NONE
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: CWE-287 Improper Authentication
Source: Nexx

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).