exploitDog

CVE-2023-42143

Опубликовано: 23 янв. 2024

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

Missing Integrity Check in Shelly TRV 20220811-152343/v2.1.8@5afc928c allows malicious users to create a backdoor by redirecting the device to an attacker-controlled machine which serves the manipulated firmware file. The device is updated with the manipulated firmware.

Ссылки

https://www.kth.se/cs/nse/research/software-systems-architecture-and-security/projects/ethical-hacking-1.1279219
Third Party Advisory
https://www.kth.se/cs/nse/research/software-systems-architecture-and-security/projects/ethical-hacking-1.1279219
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:shelly:trv_firmware:2.1.8:*:*:*:*:*:*:*

cpe:2.3:h:shelly:trv:-:*:*:*:*:*:*:*

EPSS

Процентиль: 34%

0.00135

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-354

CWE-354

Связанные уязвимости

GHSA-4q7q-6wxm-5v68

CVSS3: 5.4

github

около 2 лет назад

Missing Integrity Check in Shelly TRV 20220811-152343/v2.1.8@5afc928c allows malicious users to create a backdoor by redirecting the device to an attacker-controlled machine which serves the manipulated firmware file. The device is updated with the manipulated firmware.

EPSS

Процентиль: 34%

0.00135

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-354

CWE-354