CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-1751

The listed versions of Nexx Smart Home devices use a WebSocket server that does not validate if the bearer token in the Authorization header belongs to the device attempting to associate. This could allow any authorized user to receive alarm information and signals meant for other devices which leak a deviceId.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 45.9%

CVSS Severity

CVSS v3 Score 7.5

References

Products affected by CVE-2023-1751

Getnexx » Nxal-100 » Version: N/A

cpe:2.3:h:getnexx:nxal-100:-
Getnexx » Nxg-100b » Version: N/A

cpe:2.3:h:getnexx:nxg-100b:-
Getnexx » Nxg-200 » Version: N/A

cpe:2.3:h:getnexx:nxg-200:-
Getnexx » Nxpg-100w » Version: N/A

cpe:2.3:h:getnexx:nxpg-100w:-
Getnexx » Nxal-100 Firmware » Version: Any

cpe:2.3:o:getnexx:nxal-100_firmware:*
Getnexx » Nxg-100b Firmware » Version: Any

cpe:2.3:o:getnexx:nxg-100b_firmware:*
Getnexx » Nxg-200 Firmware » Version: Any

cpe:2.3:o:getnexx:nxg-200_firmware:*
Getnexx » Nxpg-100w Firmware » Version: Any

cpe:2.3:o:getnexx:nxpg-100w_firmware:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-1751

Products

Pricing

Contact Us