Vendor
Ismartalarm
Products
1
CVEs
5
Across products
5
Status
Private
Products
1- 5 CVEs
Recent CVEs
5| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-13664 | Cri | 0.64 | 9.8 | 0.01 | Dec 1, 2017 | Password file exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to execute arbitrary commands with administrative privileges by retrieving credentials from this file. | |
| CVE-2017-7728 | Cri | 0.64 | 9.8 | 0.02 | Jul 11, 2017 | On iSmartAlarm cube devices, there is authentication bypass leading to remote execution of commands (e.g., setting the alarm on/off), related to incorrect cryptography. | |
| CVE-2017-7730 | Hig | 0.49 | 7.5 | 0.00 | Jul 11, 2017 | iSmartAlarm cube devices allow Denial of Service. Sending a SYN flood on port 12345 will freeze the "cube" and it will stop responding. | |
| CVE-2017-7729 | Hig | 0.49 | 7.5 | 0.00 | Jul 11, 2017 | On iSmartAlarm cube devices, there is Incorrect Access Control because a "new key" is transmitted in cleartext. | |
| CVE-2017-7726 | Hig | 0.49 | 7.5 | 0.00 | Jul 11, 2017 | iSmartAlarm cube devices have an SSL Certificate Validation Vulnerability. |