Vulnerabilities > CVE-2023-1751 - Unspecified vulnerability in Getnexx products

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

getnexx

NVD

Published: 2023-04-04

Updated: 2023-11-07

Summary

The listed versions of Nexx Smart Home devices use a WebSocket server that does not validate if the bearer token in the Authorization header belongs to the device attempting to associate. This could allow any authorized user to receive alarm information and signals meant for other devices which leak a deviceId.

Vulnerable Configurations

Part	Description	Count
OS	Getnexx Getnexx Nxal 100 Firmware * Getnexx NXG 100B Firmware * Getnexx Nxpg 100W Firmware * Getnexx NXG 200 Firmware *	4
Hardware	Getnexx Getnexx Nxal 100 - Getnexx NXG 100B - Getnexx Nxpg 100W - Getnexx NXG 200 -	4

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-094-01