Vulnerability Details CVE-2018-16224
Incorrect access control for the diagnostic files of the iSmartAlarm Cube One through 2.2.4.10 allows an attacker to retrieve them via a specifically crafted TCP request to port 12345 and 22306, and access sensitive information from the device.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.018
EPSS Ranking 82.0%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
Products affected by CVE-2018-16224
-
cpe:2.3:h:ismartalarm:cubeone:-
-
cpe:2.3:o:ismartalarm:cubeone_firmware:-
-
cpe:2.3:o:ismartalarm:cubeone_firmware:1.3.3.1
-
cpe:2.3:o:ismartalarm:cubeone_firmware:1.5.3.0
-
cpe:2.3:o:ismartalarm:cubeone_firmware:1.6.3.0
-
cpe:2.3:o:ismartalarm:cubeone_firmware:1.7.2.0
-
cpe:2.3:o:ismartalarm:cubeone_firmware:1.7.3.2
-
cpe:2.3:o:ismartalarm:cubeone_firmware:2.1.4.1
-
cpe:2.3:o:ismartalarm:cubeone_firmware:2.2.4.10
-
cpe:2.3:o:ismartalarm:cubeone_firmware:2.2.4.8
-
cpe:2.3:o:ismartalarm:cubeone_firmware:2.2.4.9