HIGH🇵🇱 Wersja polska

CVE-2023-28386

CVSS 8.6v3.1pub. 2023-05-22upd. 2024-12-09

Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware updates correctly. The device only calculates the MD5 hash of the firmware and does not check using a private-public key mechanism. The lack of complete PKI system firmware signature could allow attackers to upload arbitrary firmware updates, resulting in code execution.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
  • Control4 Ca 1

    HW
    Control4
    wszystkie wersje
  • Control4 Ca 10

    HW
    Control4
    wszystkie wersje
  • Control4 Ea 1

    HW
    Control4
    wszystkie wersje
  • Control4 Ea 3

    HW
    Control4
    wszystkie wersje
  • Control4 Ea 5

    HW
    Control4
    wszystkie wersje
  • Snapone An 110 Rt 2l1w

    HW
    Snapone
    wszystkie wersje
  • Snapone An 110 Rt 2l1w Wifi

    HW
    Snapone
    wszystkie wersje
  • Snapone An 310 Rt 4l2w

    HW
    Snapone
    wszystkie wersje
  • Snapone Orvc

    APP
    Snapone
    < 7.3.0
  • Snapone Ovrc 300 Pro

    HW
    Snapone
    wszystkie wersje
  • Snapone Pakedge Rk 1

    HW
    Snapone
    wszystkie wersje
  • Snapone Pakedge Rt 3100

    HW
    Snapone
    wszystkie wersje
  • Snapone Pakedge Wr 1

    HW
    Snapone
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2023-31193HIGH7.5ten sam produkt

Snap One OvrC Pro versions prior to 7.3 use HTTP connections when downloading a program from thei...

CVE-2023-31245HIGH7.1ten sam produkt

Devices using Snap One OvrC cloud are sent to a web address when accessing a web mana...

CVE-2023-28649HIGH8.6ten sam produkt

The Hub in the Snap One OvrC cloud platform is a device used to centralize and manage nested devices connected...

CVE-2023-25183HIGH8.3ten sam produkt

In Snap One OvrC Pro versions prior to 7.2, when logged into the superuser ac...

CVE-2023-31240HIGH8.3ten sam produkt

Snap One OvrC Pro versions prior to 7.2 have their own locally running web server accessible both from the loc...