PT-2023-21421 · Jins · Jins Meme Core Firmware

Masahiro Iida

Publicado

2023-05-23

Atualizado

2025-01-31

CVE-2023-27921

CVSS v3.1

6.5

Média

Vetor

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions JINS MEME CORE Firmware versions 2.2.0 and earlier

Description The issue is related to a hard-coded cryptographic key used in the firmware, which may allow a network-adjacent attacker to decrypt data acquired by a sensor of the affected product.

Recommendations For JINS MEME CORE Firmware versions 2.2.0 and earlier, update to a version that does not use a hard-coded cryptographic key to prevent potential decryption of sensor-acquired data by a network-adjacent attacker. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Using Hardcoded Credentials

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-798

Identificadores relacionados

CVE-2023-27921

Produtos afetados

Jins Meme Core Firmware

PT-2023-21421 · Jins · Jins Meme Core Firmware

CVE-2023-27921

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6