CVE-2023-50127

{"id": "CVE-2023-50127", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2024-01-11T21:15:10.770", "references": [{"url": "https://www.secura.com/services/iot/consumer-products/security-concerns-in-popular-smart-home-devices", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "Hozard alarm system (Alarmsysteem) v1.0 is vulnerable to Improper Authentication. Commands sent via the SMS functionality are accepted from random phone numbers, which allows an attacker to bring the alarm system to a disarmed state from any given phone number."}, {"lang": "es", "value": "El sistema de alarma Hozard (Alarmsysteem) v1.0 es vulnerable a una autenticaci\u00f3n incorrecta. Los comandos enviados a trav\u00e9s de la funcionalidad SMS se aceptan desde n\u00fameros de tel\u00e9fono aleatorios, lo que permite a un atacante desarmar el sistema de alarma desde cualquier n\u00famero de tel\u00e9fono determinado."}], "lastModified": "2024-01-18T20:21:22.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hozard:alarm_system:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F9A297A-6C1D-4276-8153-C23EE75FB0BB"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}