CVE-2023-31240

Name of the Vulnerable Software and Affected Versions Snap One OvrC Pro versions prior to 7.2

Description The issue concerns a locally running web server in Snap One OvrC Pro that is accessible from both the local network and remotely. Additionally, there is a hidden superuser account in OvrC cloud that can be accessed using hard-coded credentials.

Recommendations For versions prior to 7.2, update to version 7.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the locally running web server and disabling any functionality that relies on the hard-coded credentials for the hidden superuser account.