HIGH🇬🇧 English

CVE-2023-31245

CVSS 7.1v3.1pub. 2023-05-22upd. 2024-11-21

Devices using Snap One OvrC cloud are sent to a web address when accessing a web management interface using a HTTP connection. Attackers could impersonate a device and supply malicious information about the device’s web server interface. By supplying malicious parameters, an attacker could redirect the user to arbitrary and dangerous locations on the web.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
  • Control4 Ca 1

    HW
    Control4
    wszystkie wersje
  • Control4 Ca 10

    HW
    Control4
    wszystkie wersje
  • Control4 Ea 1

    HW
    Control4
    wszystkie wersje
  • Control4 Ea 3

    HW
    Control4
    wszystkie wersje
  • Control4 Ea 5

    HW
    Control4
    wszystkie wersje
  • Snapone An 110 Rt 2l1w

    HW
    Snapone
    wszystkie wersje
  • Snapone An 110 Rt 2l1w Wifi

    HW
    Snapone
    wszystkie wersje
  • Snapone An 310 Rt 4l2w

    HW
    Snapone
    wszystkie wersje
  • Snapone Orvc

    APP
    Snapone
    < 7.3.0
  • Snapone Ovrc 300 Pro

    HW
    Snapone
    wszystkie wersje
  • Snapone Pakedge Rk 1

    HW
    Snapone
    wszystkie wersje
  • Snapone Pakedge Rt 3100

    HW
    Snapone
    wszystkie wersje
  • Snapone Pakedge Wr 1

    HW
    Snapone
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2023-28649HIGH8.6ten sam produkt

The Hub in the Snap One OvrC cloud platform is a device used to centralize and manage nested devices connected...

CVE-2023-28386HIGH8.6ten sam produkt

Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware updates correctly. The device only c...

CVE-2023-31241HIGH8.6ten sam produkt

Snap One OvrC cloud servers contain a route an attacker can use to bypass requirements and claim devices outri...

CVE-2023-25183HIGH8.3ten sam produkt

In Snap One OvrC Pro versions prior to 7.2, when logged into the superuser ac...

CVE-2023-31193HIGH7.5ten sam produkt

Snap One OvrC Pro versions prior to 7.3 use HTTP connections when downloading a program from thei...