Описание
The ESL (Electronic Shelf Label) protocol, as implemented by (for example) the OV80e934802 RF transceiver on the ETAG-2130-V4.3 20190629 board, does not use authentication, which allows attackers to change label values via 433 MHz RF signals, as demonstrated by disrupting the organization of a hospital storage unit, or changing retail pricing.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- ExploitMailing ListThird Party Advisory
- Exploit
- ExploitThird Party AdvisoryVDB Entry
- ExploitMailing ListThird Party Advisory
- Exploit
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:electronic_shelf_label_protocol_project:electronic_shelf_label_protocol:-:*:*:*:*:*:*:*
EPSS
Процентиль: 53%
0.00298
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-294
CWE-294
Связанные уязвимости
CVSS3: 5.3
github
около 3 лет назад
The ESL (Electronic Shelf Label) protocol, as implemented by (for example) the OV80e934802 RF transceiver on the ETAG-2130-V4.3 20190629 board, does not use authentication, which allows attackers to change label values via 433 MHz RF signals, as demonstrated by disrupting the organization of a hospital storage unit, or changing retail pricing.
EPSS
Процентиль: 53%
0.00298
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-294
CWE-294