exploitDog

CVE-2023-46892

Опубликовано: 23 янв. 2024

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

The radio frequency communication protocol being used by Meross MSH30Q 4.5.23 is vulnerable to replay attacks, allowing attackers to record and replay previously captured communication to execute unauthorized commands or actions (e.g., thermostat's temperature).

Ссылки

https://www.kth.se/cs/nse/research/software-systems-architecture-and-security/projects/ethical-hacking-1.1279219
Third Party Advisory
https://www.kth.se/cs/nse/research/software-systems-architecture-and-security/projects/ethical-hacking-1.1279219
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:meross:msh30q_firmware:4.5.23:*:*:*:*:*:*:*

cpe:2.3:h:meross:msh30q:-:*:*:*:*:*:*:*

EPSS

Процентиль: 13%

0.00042

Низкий

8.8 High

CVSS3

Дефекты

CWE-294

CWE-294

Связанные уязвимости

GHSA-hf79-3hfm-mgmr

CVSS3: 8.8

github

около 2 лет назад

The radio frequency communication protocol being used by Meross MSH30Q 4.5.23 is vulnerable to replay attacks, allowing attackers to record and replay previously captured communication to execute unauthorized commands or actions (e.g., thermostat's temperature).

EPSS

Процентиль: 13%

0.00042

Низкий

8.8 High

CVSS3

Дефекты

CWE-294

CWE-294