Vulnerability Description
Shelly 4PM Pro four-channel smart switch 0.11.0 allows an attacker to trigger a BLE out of bounds read fault condition that results in a device reload.
CVSS Score
5.3
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Shelly | Pro 4Pm Firmware | 0.11.0 |
| Shelly | Pro 4Pm | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/173954/Shelly-PRO-4PM-0.11.0-AuthenticationExploitThird Party AdvisoryVDB Entry
- https://www.exploitsecurity.io/post/cve-2023-33383-authentication-bypass-via-an-ExploitThird Party Advisory
- http://packetstormsecurity.com/files/173954/Shelly-PRO-4PM-0.11.0-AuthenticationExploitThird Party AdvisoryVDB Entry
- https://www.exploitsecurity.io/post/cve-2023-33383-authentication-bypass-via-an-ExploitThird Party Advisory
FAQ
What is CVE-2023-33383?
CVE-2023-33383 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Shelly 4PM Pro four-channel smart switch 0.11.0 allows an attacker to trigger a BLE out of bounds read fault condition that results in a device reload.
How severe is CVE-2023-33383?
CVE-2023-33383 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-33383?
Check the references section above for vendor advisories and patch information. Affected products include: Shelly Pro 4Pm Firmware, Shelly Pro 4Pm.