Vulnerability Description
homee Brain Cube v2 (2.28.2 and 2.28.4) devices have sensitive SSH keys within downloadable and unencrypted firmware images. This allows remote attackers to use the support server as a SOCKS proxy.
CVSS Score
7.5
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hom.Ee | Brain Cube Core | 2.28.2 |
| Hom.Ee | Brain Cube | - |
Related Weaknesses (CWE)
References
- https://cwe.mitre.org/data/definitions/522.htmlThird Party Advisory
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-027.tThird Party Advisory
- https://www.syss.de/pentest-blog/Third Party Advisory
- https://cwe.mitre.org/data/definitions/522.htmlThird Party Advisory
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-027.tThird Party Advisory
- https://www.syss.de/pentest-blog/Third Party Advisory
FAQ
What is CVE-2020-24396?
CVE-2020-24396 is a vulnerability with a CVSS score of 7.5 (HIGH). homee Brain Cube v2 (2.28.2 and 2.28.4) devices have sensitive SSH keys within downloadable and unencrypted firmware images. This allows remote attackers to use the support server as a SOCKS proxy.
How severe is CVE-2020-24396?
CVE-2020-24396 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-24396?
Check the references section above for vendor advisories and patch information. Affected products include: Hom.Ee Brain Cube Core, Hom.Ee Brain Cube.