CVE-2023-1750

The listed versions of Nexx Smart Home devices lack proper access control when executing actions. An attacker with a valid NexxHome deviceId could retrieve device history, set device settings, and retrieve device information.
References
Link Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-094-01 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:getnexx:nxal-100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:getnexx:nxal-100:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:getnexx:nxg-100b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:getnexx:nxg-100b:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:getnexx:nxpg-100w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:getnexx:nxpg-100w:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:getnexx:nxg-200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:getnexx:nxg-200:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-04-04 17:15

Updated : 2024-02-28 20:13


NVD link : CVE-2023-1750

Mitre link : CVE-2023-1750

CVE.ORG link : CVE-2023-1750


JSON object : View

Products Affected

getnexx

  • nxg-200_firmware
  • nxpg-100w_firmware
  • nxg-100b_firmware
  • nxg-100b
  • nxg-200
  • nxpg-100w
  • nxal-100
  • nxal-100_firmware
CWE
CWE-639

Authorization Bypass Through User-Controlled Key