Vulnerabilities > CVE-2023-31241 - Unprotected Alternate Channel vulnerability in Snapone Orvc

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

critical

NVD

Published: 2023-05-22

Updated: 2024-12-09

Summary

Snap One OvrC cloud servers contain a route an attacker can use to bypass requirements and claim devices outright.

Part	Description	Count
Application	Snapone Snapone Orvc - Snapone Orvc 6.2.0.5 Snapone Orvc 6.2.1.7 Snapone Orvc 6.3.0.4 Snapone Orvc 6.3.0.6 Snapone Orvc 6.4.0.3 Snapone Orvc 6.4.0.9 Snapone Orvc 7.0 Snapone Orvc 7.1.0 Snapone Orvc 7.2.0 Snapone Orvc 7.2.0.5 Snapone Orvc 7.2.0.6	12
Hardware	Control4 Control4 CA 1 - Control4 CA 10 - Control4 EA 1 - Control4 EA 3 - Control4 EA 5 -	5
Hardware	Snapone Snapone AN 110 RT 2L1W - Snapone AN 110 RT 2L1W Wifi - Snapone AN 310 RT 4L2W - Snapone Ovrc 300 PRO - Snapone Pakedge RK 1 - Snapone Pakedge RT 3100 - Snapone Pakedge WR 1 -	7