CVE-2020-15501 — MEDIUM (6.5)

Vulnerability Description

Smarter Coffee Maker before 2nd generation allows firmware replacement without authentication or authorization. User interaction is required to press a button. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Smarter	Smarter Coffee Maker 1St Generation	-

References

https://decoded.avast.io/martinhron/the-fresh-smell-of-ransomed-coffee/ExploitThird Party Advisory
https://decoded.avast.io/martinhron/the-fresh-smell-of-ransomed-coffee/ExploitThird Party Advisory

FAQ

What is CVE-2020-15501?

CVE-2020-15501 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Smarter Coffee Maker before 2nd generation allows firmware replacement without authentication or authorization. User interaction is required to press a button. NOTE: This vulnerability only affects pr...

How severe is CVE-2020-15501?

CVE-2020-15501 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-15501?

Check the references section above for vendor advisories and patch information. Affected products include: Smarter Smarter Coffee Maker 1St Generation.