CVE-2019-16258

Опубликовано: 20 мар. 2020

Источник: nvd

CVSS3: 6.8

CVSS2: 7.2

EPSS Низкий

Описание

The bootloader of the homee Brain Cube V2 through 2.23.0 allows attackers with physical access to gain root access by manipulating the U-Boot environment via the CLI after connecting to the internal UART interface.

Ссылки

https://store.hom.ee/collections/all/products/homee-brain-cube
Product
Vendor Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-026.txt
Third Party Advisory
https://store.hom.ee/collections/all/products/homee-brain-cube
Product
Vendor Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-026.txt
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:hom.ee:brain_cube_core:*:*:*:*:*:*:*:*

Версия от 2.0.0 (включая) до 2.23.0 (включая)

cpe:2.3:h:hom.ee:brain_cube:*:*:*:*:*:*:*:*

EPSS

Процентиль: 32%

0.00119

Низкий

6.8 Medium

CVSS3

7.2 High

CVSS2

Дефекты

CWE-306

Связанные уязвимости

GHSA-xx77-mh78-c74h

github

около 3 лет назад