Security News > 2023 > April > Hackers can open Nexx garage doors remotely, and there's no fix

Multiple vulnerabilities discovered Nexx smart devices can be exploited to control garage doors, disable home alarms, or smart plugs.

The most significant discovery is the use of universal credentials that are hardcoded in the firmware and also easy to obtain from the client communication with Nexx's API. The vulnerability can also be exploited to identify Nexx users, allowing an attacker to collect email addresses, device IDs, and first names.

Sabetan discovered the vulnerabilities listed below, which affect Nexx Garage Door Controllers NXG-100B and NGX-200 running version nxg200v-p3-4-1 or older, the Nexx Smart Plug NXPG-100W running version nxpg100cv4-0-0 and older, and Nexx Smart Alarm NXAL-100 running version nxal100v-p1-9-1 and older.

CVE-2023-1751: Improper input validation, failing to correlate the token in the authorization header with the device ID. CVE-2023-1752: Improper authentication control allowing any user to register an already registered Nexx device using its MAC address.

The most severe of the five flaws, CVE-2023-1748, is the result of Nexx Cloud setting a universal password for all newly registered devices via the Android or iOS Nexx Home mobile app.

"Nexx has not replied to any correspondence from myself, DHS or VICE Media Group. I have independently verified Nexx has purposefully ignored all our attempts to assist with remediation and has let these critical flaws continue to affect their customers" - Sam Sabetan.

News URL

https://www.bleepingcomputer.com/news/security/hackers-can-open-nexx-garage-doors-remotely-and-theres-no-fix/