CVE-2023-1750

Summary

The listed versions of Nexx Smart Home devices lack proper access control when executing actions. An attacker with a valid NexxHome deviceId could retrieve device history, set device settings, and retrieve device information.

Affected Software

VendorProductVersion RangeStatus
NexxSmart Alarm NXAL-1000 <= nxal100v-p1-9-1affected
NexxSmart Plug NXPG-100W0 <= nxpg100cv4-0-0affected
NexxGarage Door Controller NXG-100B, NXG-2000 <= nxg200v-p3-4-1affected

Weaknesses

  • CWE-639 Authorization Bypass Through User-Controlled Key

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References