← Volver a CVEs
CVE-2020-24395
MEDIUM6.8
Descripcion
The USB firmware update script of homee Brain Cube v2 (2.28.2 and 2.28.4) devices allows an attacker with physical access to install compromised firmware. This occurs because of insufficient validation of the firmware image file and can lead to code execution on the device.
Detalles CVE
Puntuacion CVSS v3.16.8
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataquePHYSICAL
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado5/20/2021
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
hom.ee:brain_cubehom.ee:brain_cube_core
Debilidades (CWE)
CWE-345
Referencias
https://www.syss.de/pentest-blog/(cve@mitre.org)
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-026.txt(af854a3a-2127-422b-91ae-364da2661108)
https://www.syss.de/pentest-blog/(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.