CVE-2023-1749

Published Apr 4, 2023

Last updated a year ago

Overview

Description: The listed versions of Nexx Smart Home devices lack proper access control when executing actions. An attacker with a valid NexxHome deviceId could send API requests that the affected devices would execute.
Source: ics-cert@hq.dhs.gov
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-639

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:getnexx:nxal-100_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ECEB2E75-CBB4-4698-8362-E299B360D230",
            "versionEndIncluding": "nxal100v-p1-9-1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:getnexx:nxal-100:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A105A0A9-453D-4FEC-A892-90DF700AF48F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:getnexx:nxg-100b_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CFED44C1-D08F-485F-9613-2FF354646544",
            "versionEndIncluding": "nxg100bv-p3-4-1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:getnexx:nxg-100b:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "19767CB6-01EC-4D9A-B879-622D97659C41"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:getnexx:nxpg-100w_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "705949CF-FA4F-4D31-A125-897E4738FD60",
            "versionEndIncluding": "nxpg100cv4-0-0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:getnexx:nxpg-100w:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "BABBFCE0-C690-4867-9416-5C9E453A6B1F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:getnexx:nxg-200_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D3856AF-F315-4D54-A415-23D870E57FDC",
            "versionEndIncluding": "nxg200v-p3-4-1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:getnexx:nxg-200:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E23E0481-74FD-4F0C-926C-D303DF9F9E68"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References