Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Ismartalarm Subscribe
Filtered by product Cubeone
Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-7729 1 Ismartalarm 2 Cubeone, Cubeone Firmware 2021-08-25 5.0 MEDIUM 7.5 HIGH
On iSmartAlarm cube devices, there is Incorrect Access Control because a "new key" is transmitted in cleartext.
CVE-2017-7728 1 Ismartalarm 2 Cubeone, Cubeone Firmware 2021-08-25 7.5 HIGH 9.8 CRITICAL
On iSmartAlarm cube devices, there is authentication bypass leading to remote execution of commands (e.g., setting the alarm on/off), related to incorrect cryptography.
CVE-2017-7726 1 Ismartalarm 2 Cubeone, Cubeone Firmware 2021-08-25 5.0 MEDIUM 7.5 HIGH
iSmartAlarm cube devices have an SSL Certificate Validation Vulnerability.
CVE-2017-7730 1 Ismartalarm 2 Cubeone, Cubeone Firmware 2021-08-25 7.8 HIGH 7.5 HIGH
iSmartAlarm cube devices allow Denial of Service. Sending a SYN flood on port 12345 will freeze the "cube" and it will stop responding.
CVE-2017-13663 1 Ismartalarm 2 Cubeone, Cubeone Firmware 2019-10-02 5.0 MEDIUM 7.5 HIGH
Encryption key exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to decrypt log files via an exposed key.
CVE-2018-16224 1 Ismartalarm 2 Cubeone, Cubeone Firmware 2018-12-20 5.0 MEDIUM 5.3 MEDIUM
Incorrect access control for the diagnostic files of the iSmartAlarm Cube One through 2.2.4.10 allows an attacker to retrieve them via a specifically crafted TCP request to port 12345 and 22306, and access sensitive information from the device.
CVE-2017-13664 1 Ismartalarm 2 Cubeone, Cubeone Firmware 2017-12-18 5.0 MEDIUM 9.8 CRITICAL
Password file exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to execute arbitrary commands with administrative privileges by retrieving credentials from this file.