Описание
The USB firmware update script of homee Brain Cube v2 (2.28.2 and 2.28.4) devices allows an attacker with physical access to install compromised firmware. This occurs because of insufficient validation of the firmware image file and can lead to code execution on the device.
Ссылки
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:o:hom.ee:brain_cube_core:2.28.2:*:*:*:*:*:*:*
cpe:2.3:o:hom.ee:brain_cube_core:2.28.4:*:*:*:*:*:*:*
cpe:2.3:h:hom.ee:brain_cube:-:*:*:*:*:*:*:*
EPSS
Процентиль: 6%
0.00024
Низкий
6.8 Medium
CVSS3
7.2 High
CVSS2
Дефекты
CWE-345
Связанные уязвимости
github
больше 3 лет назад
The USB firmware update script of homee Brain Cube v2 (2.28.2 and 2.28.4) devices allows an attacker with physical access to install compromised firmware. This occurs because of insufficient validation of the firmware image file and can lead to code execution on the device.
EPSS
Процентиль: 6%
0.00024
Низкий
6.8 Medium
CVSS3
7.2 High
CVSS2
Дефекты
CWE-345