Vulnerabilities > CVE-2023-1749 - Authorization Bypass Through User-Controlled Key vulnerability in Getnexx products

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

getnexx

CWE-639

NVD

Published: 2023-04-04

Updated: 2023-11-07

Summary

The listed versions of Nexx Smart Home devices lack proper access control when executing actions. An attacker with a valid NexxHome deviceId could send API requests that the affected devices would execute.

Vulnerable Configurations

Part	Description	Count
OS	Getnexx Getnexx Nxal 100 Firmware * Getnexx NXG 100B Firmware * Getnexx Nxpg 100W Firmware * Getnexx NXG 200 Firmware *	4
Hardware	Getnexx Getnexx Nxal 100 - Getnexx NXG 100B - Getnexx Nxpg 100W - Getnexx NXG 200 -	4

Common Weakness Enumeration (CWE)

CWE-639 - Authorization Bypass Through User-Controlled Key

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-094-01