Vulnerability Details CVE-2020-24396
homee Brain Cube v2 (2.28.2 and 2.28.4) devices have sensitive SSH keys within downloadable and unencrypted firmware images. This allows remote attackers to use the support server as a SOCKS proxy.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 63.8%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://cwe.mitre.org/data/definitions/522.html
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-027.txt
- https://www.syss.de/pentest-blog/
- https://cwe.mitre.org/data/definitions/522.html
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-027.txt
- https://www.syss.de/pentest-blog/
Products affected by CVE-2020-24396
-
cpe:2.3:h:hom.ee:brain_cube:-
-
cpe:2.3:o:hom.ee:brain_cube_core:2.28.2
-
cpe:2.3:o:hom.ee:brain_cube_core:2.28.4