CVE-2021-26638

HIGH

7.3

Description

Improper Authentication vulnerability in S&D smarthome(smartcare) application can cause authentication bypass and information exposure. Remote attackers can use this vulerability to take control of the home environment including indoor control.

Details CVE

Score CVSS v3.17.3

SeveriteHIGH

Vecteur CVSSCVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Vecteur d'attaqueADJACENT_NETWORK

ComplexiteLOW

Privileges requisLOW

Interaction utilisateurNONE

Publie6/23/2022

Derniere modification11/21/2024

Sourcenvd

Observations honeypot0

Produits affectes

xisnd:s\&d_smarthome

Faiblesses (CWE)

CWE-287CWE-287

References

https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66783(vuln@krcert.or.kr)

https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66783(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.