← Back to CVEs
CVE-2020-24395
MEDIUM6.8
Description
The USB firmware update script of homee Brain Cube v2 (2.28.2 and 2.28.4) devices allows an attacker with physical access to install compromised firmware. This occurs because of insufficient validation of the firmware image file and can lead to code execution on the device.
CVE Details
CVSS v3.1 Score6.8
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorPHYSICAL
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published5/20/2021
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
hom.ee:brain_cubehom.ee:brain_cube_core
Weaknesses (CWE)
CWE-345
References
https://www.syss.de/pentest-blog/(cve@mitre.org)
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-026.txt(af854a3a-2127-422b-91ae-364da2661108)
https://www.syss.de/pentest-blog/(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.