Vulnerability Description
When supplied with a random MAC address, Snap One OvrC cloud servers will return information about the device. The MAC address of devices can be enumerated in an attack and the OvrC cloud will disclose their information.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Snapone | Orvc | < 7.3.0 |
| Control4 | Ca-1 | - |
| Control4 | Ca-10 | - |
| Control4 | Ea-1 | - |
| Control4 | Ea-3 | - |
| Control4 | Ea-5 | - |
| Snapone | An-110-Rt-2L1W | - |
| Snapone | An-110-Rt-2L1W-Wifi | - |
| Snapone | An-310-Rt-4L2W | - |
| Snapone | Ovrc-300-Pro | - |
| Snapone | Pakedge Rk-1 | - |
| Snapone | Pakedge Rt-3100 | - |
| Snapone | Pakedge Wr-1 | - |
Related Weaknesses (CWE)
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01Third Party AdvisoryUS Government Resource
- https://www.control4.com/docs/product/ovrc-software/release-notes/english/latestRelease Notes
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01Third Party AdvisoryUS Government Resource
- https://www.control4.com/docs/product/ovrc-software/release-notes/english/latestRelease Notes
FAQ
What is CVE-2023-28412?
CVE-2023-28412 is a vulnerability with a CVSS score of 5.3 (MEDIUM). When supplied with a random MAC address, Snap One OvrC cloud servers will return information about the device. The MAC address of devices can be enumerated in an attack and the OvrC cloud wil...
How severe is CVE-2023-28412?
CVE-2023-28412 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-28412?
Check the references section above for vendor advisories and patch information. Affected products include: Snapone Orvc, Control4 Ca-1, Control4 Ca-10, Control4 Ea-1, Control4 Ea-3.