Описание
Incorrect access control for the diagnostic files of the iSmartAlarm Cube One through 2.2.4.10 allows an attacker to retrieve them via a specifically crafted TCP request to port 12345 and 22306, and access sensitive information from the device.
Ссылки
- Third Party AdvisoryVDB Entry
- Mailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- Mailing ListThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.2.4.10 (включая)
Одновременно
cpe:2.3:o:ismartalarm:cubeone_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ismartalarm:cubeone:-:*:*:*:*:*:*:*
EPSS
Процентиль: 82%
0.01813
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
CVSS3: 5.3
github
больше 3 лет назад
Incorrect access control for the diagnostic files of the iSmartAlarm Cube One through 2.2.4.10 allows an attacker to retrieve them via a specifically crafted TCP request to port 12345 and 22306, and access sensitive information from the device.
EPSS
Процентиль: 82%
0.01813
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-200