CVE-2023-1750

Name of the Vulnerable Software and Affected Versions Nexx Smart Home devices (affected versions not specified) Nexx Garage Door Controller (NXG-100B, NXG-200) Nexx Smart Plug (NXPG-100W) Nexx Smart Alarm (NXAL-100)

Description The issue concerns a lack of proper access control when executing actions on Nexx Smart Home devices. An attacker with a valid deviceId could exploit this to retrieve device history, set device settings, and retrieve device information. The vulnerability is related to bypassing authorization using a user-controlled key, allowing a remote attacker to modify device settings and obtain device information.

Recommendations For Nexx Smart Home devices, consider restricting access to device settings and information until a patch is available. For Nexx Garage Door Controller (NXG-100B, NXG-200), Nexx Smart Plug (NXPG-100W), and Nexx Smart Alarm (NXAL-100), restrict access to the devices to minimize the risk of exploitation. As a temporary workaround, consider disabling the use of user-controlled keys to prevent authorization bypass. At the moment, there is no information about a newer version that contains a fix for this vulnerability.