Vulnerabilities > CVE-2023-1750 - Authorization Bypass Through User-Controlled Key vulnerability in Getnexx products

CVSS 7.1 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

LOW

Availability impact

NONE

network

low complexity

getnexx

CWE-639

NVD

Published: 2023-04-04

Updated: 2023-11-07

Summary

The listed versions of Nexx Smart Home devices lack proper access control when executing actions. An attacker with a valid NexxHome deviceId could retrieve device history, set device settings, and retrieve device information.

Vulnerable Configurations

Part	Description	Count
OS	Getnexx Getnexx Nxal 100 Firmware * Getnexx NXG 100B Firmware * Getnexx Nxpg 100W Firmware * Getnexx NXG 200 Firmware *	4
Hardware	Getnexx Getnexx Nxal 100 - Getnexx NXG 100B - Getnexx Nxpg 100W - Getnexx NXG 200 -	4

Common Weakness Enumeration (CWE)

CWE-639 - Authorization Bypass Through User-Controlled Key

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-094-01