HIGH🇬🇧 English

CVE-2023-28649

CVSS 8.6v3.1pub. 2023-05-22upd. 2024-12-09

The Hub in the Snap One OvrC cloud platform is a device used to centralize and manage nested devices connected to it. A vulnerability exists in which an attacker could impersonate a hub and send device requests to claim already claimed devices. The OvrC cloud platform receives the requests but does not validate if the found devices are already managed by another user.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
  • Snapone Orvc

    APP
    Snapone
    < 7.3.0
  • Snapone Ovrc 300 Pro

    HW
    Snapone
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2023-31193HIGH7.5ten sam produkt

Snap One OvrC Pro versions prior to 7.3 use HTTP connections when downloading a program from thei...

CVE-2023-28386HIGH8.6ten sam produkt

Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware updates correctly. The device only c...

CVE-2023-31245HIGH7.1ten sam produkt

Devices using Snap One OvrC cloud are sent to a web address when accessing a web mana...

CVE-2023-25183HIGH8.3ten sam produkt

In Snap One OvrC Pro versions prior to 7.2, when logged into the superuser ac...

CVE-2023-31240HIGH8.3ten sam produkt

Snap One OvrC Pro versions prior to 7.2 have their own locally running web server accessible both from the loc...

CVE-2023-28649 — HIGH 8.6 | CVEbaza.pl