Vulnerabilities > CVE-2023-34761 - Unspecified vulnerability in 7-Eleven Hello CUP 1.3.1

CVSS 6.5 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

low complexity

7-eleven

NVD

Published: 2023-06-28

Updated: 2023-07-06

Summary

An unauthenticated attacker within BLE proximity can remotely connect to a 7-Eleven LED Message Cup, Hello Cup 1.3.1 for Android, and bypass the application's client-side chat censor filter.

Vulnerable Configurations

Part	Description	Count
Application	7-Eleven 7 Eleven Hello CUP 1.3.1	1
Hardware	7-Eleven 7 Eleven LED Message CUP -	1

References

https://github.com/actuator/7-Eleven-Bluetooth-Smart-Cup-Jailbreak
https://github.com/actuator/cve/blob/main/CVE-2023-34761