Vulnerability Description
The listed versions of Nexx Smart Home devices use hard-coded credentials. An attacker with unauthenticated access to the Nexx Home mobile application or the affected firmware could view the credentials, access the MQ Telemetry Server (MQTT) server, and remotely control garage doors or smart plugs for any customer.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Getnexx | Nxal-100 Firmware | <= nxal100v-p1-9-1 |
| Getnexx | Nxal-100 | - |
| Getnexx | Nxg-100B Firmware | <= nxg100bv-p3-4-1 |
| Getnexx | Nxg-100B | - |
| Getnexx | Nxpg-100W Firmware | <= nxpg100cv4-0-0 |
| Getnexx | Nxpg-100W | - |
| Getnexx | Nxg-200 Firmware | <= nxg200v-p3-4-1 |
| Getnexx | Nxg-200 | - |
Related Weaknesses (CWE)
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-094-01 (Third Party Advisory, US Government Resource)
FAQ
What is CVE-2023-1748?
CVE-2023-1748 is a vulnerability with a CVSS score of 9.3 (CRITICAL). The listed versions of Nexx Smart Home devices use hard-coded credentials. An attacker with unauthenticated access to the Nexx Home mobile application or the affected firmware could view the credentia...
How severe is CVE-2023-1748?
CVE-2023-1748 has been rated CRITICAL with a CVSS base score of 9.3/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-1748?
Check the references section above for vendor advisories and patch information. Affected products include: Getnexx Nxal-100 Firmware, Getnexx Nxal-100, Getnexx Nxg-100B Firmware, Getnexx Nxg-100B, Getnexx Nxpg-100W Firmware.