Cubeone Firmware
by Ismartalarm
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-13664 | | Cri | 0.64 | 9.8 | 0.02 | | Dec 1, 2017 | Password file exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to execute arbitrary commands with administrative privileges by retrieving credentials from this file. |
| CVE-2017-7728 | | Cri | 0.64 | 9.8 | 0.03 | | Jul 11, 2017 | On iSmartAlarm cube devices, there is authentication bypass leading to remote execution of commands (e.g., setting the alarm on/off), related to incorrect cryptography. |
| CVE-2017-13663 | | Hig | 0.49 | 7.5 | 0.00 | | Dec 1, 2017 | Encryption key exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to decrypt log files via an exposed key. |
| CVE-2017-7730 | | Hig | 0.49 | 7.5 | 0.01 | | Jul 11, 2017 | iSmartAlarm cube devices allow Denial of Service. Sending a SYN flood on port 12345 will freeze the "cube" and it will stop responding. |
| CVE-2017-7729 | | Hig | 0.49 | 7.5 | 0.01 | | Jul 11, 2017 | On iSmartAlarm cube devices, there is Incorrect Access Control because a "new key" is transmitted in cleartext. |
| CVE-2017-7726 | | Hig | 0.49 | 7.5 | 0.01 | | Jul 11, 2017 | iSmartAlarm cube devices have an SSL Certificate Validation Vulnerability. |