Vulnerability Description
Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware updates correctly. The device only calculates the MD5 hash of the firmware and does not check using a private-public key mechanism. The lack of complete PKI system firmware signature could allow attackers to upload arbitrary firmware updates, resulting in code execution.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Snapone | Orvc | < 7.3.0 |
| Control4 | Ca-1 | - |
| Control4 | Ca-10 | - |
| Control4 | Ea-1 | - |
| Control4 | Ea-3 | - |
| Control4 | Ea-5 | - |
| Snapone | An-110-Rt-2L1W | - |
| Snapone | An-110-Rt-2L1W-Wifi | - |
| Snapone | An-310-Rt-4L2W | - |
| Snapone | Ovrc-300-Pro | - |
| Snapone | Pakedge Rk-1 | - |
| Snapone | Pakedge Rt-3100 | - |
| Snapone | Pakedge Wr-1 | - |
Related Weaknesses (CWE)
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01Third Party AdvisoryUS Government Resource
- https://www.control4.com/docs/product/ovrc-software/release-notes/english/latestRelease Notes
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01Third Party AdvisoryUS Government Resource
- https://www.control4.com/docs/product/ovrc-software/release-notes/english/latestRelease Notes
FAQ
What is CVE-2023-28386?
CVE-2023-28386 is a vulnerability with a CVSS score of 8.6 (HIGH). Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware updates correctly. The device only calculates the MD5 hash of the firmware and does not check using a private-public key mecha...
How severe is CVE-2023-28386?
CVE-2023-28386 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-28386?
Check the references section above for vendor advisories and patch information. Affected products include: Snapone Orvc, Control4 Ca-1, Control4 Ca-10, Control4 Ea-1, Control4 Ea-3.