Vulnerability Details CVE-2023-42143
Missing Integrity Check in Shelly TRV 20220811-152343/v2.1.8@5afc928c allows malicious users to create a backdoor by redirecting the device to an attacker-controlled machine which serves the manipulated firmware file. The device is updated with the manipulated firmware.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 34.0%
CVSS Severity
CVSS v3 Score 5.4
References
Products affected by CVE-2023-42143
-
cpe:2.3:h:shelly:trv:-
-
cpe:2.3:o:shelly:trv_firmware:2.1.8