PT-2023-2619 · Nexx · Nexx Garage Door Controller+2
Published: 2023-04-04 · Updated: 2023-04-12
CVE-2023-1748
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Nexx Garage Door Controller versions NXG-100B, NXG-200
Nexx Smart Plug version NXPG-100W
Nexx Smart Alarm version NXAL-100
Description
The issue is the use of hard-coded credentials in the firmware of Nexx Smart Home devices. This could allow an attacker to gain unauthenticated access to the MQ Telemetry Transport (MQTT) server, enabling them to remotely control garage doors or smart plugs for any customer.
Recommendations
For Nexx Garage Door Controller versions NXG-100B, NXG-200, update the firmware to remove hard-coded credentials.
For Nexx Smart Plug version NXPG-100W, update the firmware to remove hard-coded credentials.
For Nexx Smart Alarm version NXAL-100, update the firmware to remove hard-coded credentials.
Fix
Using Hardcoded Credentials
Affected Products
Nexx Garage Door Controller
Nexx Smart Alarm
Nexx Smart Plug