CVE-2023-1748
9.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
Summary
The listed versions of Nexx Smart Home devices use hard-coded credentials. An attacker with unauthenticated access to the Nexx Home mobile application or the affected firmware could view the credentials and access the MQ Telemetry Server (MQTT) server and the ability to remotely control garage doors or smart plugs for any customer.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Nexx | Smart Alarm NXAL-100 | 0 <= nxal100v-p1-9-1 | affected |
| Nexx | Smart Plug NXPG-100W | 0 <= nxpg100cv4-0-0 | affected |
| Nexx | Garage Door Controller NXG-100B, NXG-200 | 0 <= nxg200v-p3-4-1 | affected |
Weaknesses
- CWE-798 Use of Hard-coded Credentials
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.