Filtered by vendor Ismartalarm
Subscribe
Total
8 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-7729 | 1 Ismartalarm | 2 Cubeone, Cubeone Firmware | 2021-08-25 | 5.0 MEDIUM | 7.5 HIGH |
On iSmartAlarm cube devices, there is Incorrect Access Control because a "new key" is transmitted in cleartext. | |||||
CVE-2017-7730 | 1 Ismartalarm | 2 Cubeone, Cubeone Firmware | 2021-08-25 | 7.8 HIGH | 7.5 HIGH |
iSmartAlarm cube devices allow Denial of Service. Sending a SYN flood on port 12345 will freeze the "cube" and it will stop responding. | |||||
CVE-2017-7726 | 1 Ismartalarm | 2 Cubeone, Cubeone Firmware | 2021-08-25 | 5.0 MEDIUM | 7.5 HIGH |
iSmartAlarm cube devices have an SSL Certificate Validation Vulnerability. | |||||
CVE-2017-7728 | 1 Ismartalarm | 2 Cubeone, Cubeone Firmware | 2021-08-25 | 7.5 HIGH | 9.8 CRITICAL |
On iSmartAlarm cube devices, there is authentication bypass leading to remote execution of commands (e.g., setting the alarm on/off), related to incorrect cryptography. | |||||
CVE-2017-13663 | 1 Ismartalarm | 2 Cubeone, Cubeone Firmware | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
Encryption key exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to decrypt log files via an exposed key. | |||||
CVE-2018-16222 | 1 Ismartalarm | 1 Ismartalarm | 2019-10-02 | 2.1 LOW | 6.8 MEDIUM |
Cleartext Storage of credentials in the iSmartAlarmData.xml configuration file in the iSmartAlarm application through 2.0.8 for Android allows an attacker to retrieve the username and password. | |||||
CVE-2018-16224 | 1 Ismartalarm | 2 Cubeone, Cubeone Firmware | 2018-12-20 | 5.0 MEDIUM | 5.3 MEDIUM |
Incorrect access control for the diagnostic files of the iSmartAlarm Cube One through 2.2.4.10 allows an attacker to retrieve them via a specifically crafted TCP request to port 12345 and 22306, and access sensitive information from the device. | |||||
CVE-2017-13664 | 1 Ismartalarm | 2 Cubeone, Cubeone Firmware | 2017-12-18 | 5.0 MEDIUM | 9.8 CRITICAL |
Password file exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to execute arbitrary commands with administrative privileges by retrieving credentials from this file. |