Hackers can open Nexx garage doors remotely, and there's no fix
2023-04-05 15:28

Multiple vulnerabilities discovered in Nexx smart devices can be exploited to control garage doors, disable home alarms, or control smart plugs.

The most significant discovery is the use of universal credentials that are hardcoded in the firmware and also easy to obtain from the client communication with Nexx's API. The vulnerability can also be exploited to identify Nexx users, allowing an attacker to collect email addresses, device IDs, and first names.

Sabetan discovered the vulnerabilities listed below, which affect Nexx Garage Door Controllers NXG-100B and NXG-200 running version nxg200v-p3-4-1 or older, the Nexx Smart Plug NXPG-100W running version nxpg100cv4-0-0 and older, and Nexx Smart Alarm NXAL-100 running version nxal100v-p1-9-1 and older.

CVE-2023-1751: Improper input validation, failing to correlate the token in the authorization header with the device ID.

CVE-2023-1752: Improper authentication control allowing any user to register an already registered Nexx device using its MAC address.
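The two server-side checks whose absence CVE-2023-1751 and CVE-2023-1752 describe, as an added sketch that is not Nexx's code or API and not part of the original article. It assumes a simplified model in which bearer tokens are issued to users and each device ID (MAC address) has at most one owner; every name, key and registry entry is hypothetical and constructed for illustration.

```python
import hashlib
import hmac

SERVER_KEY = b"constructed-demo-key"  # assumption: server-side secret, never shipped in firmware

# Constructed registry: device ID (MAC) -> owning user, None = unclaimed.
DEVICE_OWNER = {"AA:BB:CC:00:00:01": "alice", "AA:BB:CC:00:00:02": None}


def _tag(user: str) -> str:
    return hmac.new(SERVER_KEY, user.encode(), hashlib.sha256).hexdigest()


def issue_token(user: str) -> str:
    """Bearer token bound to one user: '<user>.<hex HMAC of user>'."""
    return f"{user}.{_tag(user)}"


def bearer_user(auth_header: str):
    """Return the user named by a valid 'Bearer <token>' header, else None."""
    scheme, _, token = auth_header.partition(" ")
    user, _, tag = token.rpartition(".")
    if scheme != "Bearer" or not user:
        return None
    ok = hmac.compare_digest(tag.encode(), _tag(user).encode())
    return user if ok else None


def authorize_association(auth_header: str, device_id: str) -> bool:
    """CVE-2023-1751 class: a valid token alone is not enough; it must
    belong to the owner of the device ID named in the request."""
    user = bearer_user(auth_header)
    return user is not None and DEVICE_OWNER.get(device_id) == user


def register_device(auth_header: str, device_id: str) -> bool:
    """CVE-2023-1752 class: knowing a MAC address must not let a second
    user register a device that already has an owner."""
    user = bearer_user(auth_header)
    if user is None or device_id not in DEVICE_OWNER:
        return False
    owner = DEVICE_OWNER[device_id]
    if owner is not None:
        return owner == user  # repeat registration succeeds for the owner only
    DEVICE_OWNER[device_id] = user
    return True
```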

The most severe of the five flaws, CVE-2023-1748, is the result of Nexx Cloud setting a universal password for all newly registered devices via the Android or iOS Nexx Home mobile app.

"Nexx has not replied to any correspondence from myself, DHS or VICE Media Group. I have independently verified Nexx has purposefully ignored all our attempts to assist with remediation and has let these critical flaws continue to affect their customers" - Sam Sabetan.


News URL

https://www.bleepingcomputer.com/news/security/hackers-can-open-nexx-garage-doors-remotely-and-theres-no-fix/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-04 | CVE-2023-1752 | Improper Authentication vulnerability in Getnexx products. The listed versions of Nexx Smart Home devices could allow any user to register an already registered alarm or associated device with only the device’s MAC address. (getnexx, CWE-287) | 4.3 (network, low complexity) |
| 2023-04-04 | CVE-2023-1751 | Unspecified vulnerability in Getnexx products. The listed versions of Nexx Smart Home devices use a WebSocket server that does not validate if the bearer token in the Authorization header belongs to the device attempting to associate. (getnexx) | 5.3 (network, low complexity) |
| 2023-04-04 | CVE-2023-1748 | Use of Hard-coded Credentials vulnerability in Getnexx products. The listed versions of Nexx Smart Home devices use hard-coded credentials. (getnexx, CWE-798) | 10.0 critical (network, low complexity) |