CVE-2021-26638

HIGH

7.3

Descricao

Improper Authentication vulnerability in S&D smarthome(smartcare) application can cause authentication bypass and information exposure. Remote attackers can use this vulerability to take control of the home environment including indoor control.

Detalhes CVE

Pontuacao CVSS v3.17.3

SeveridadeHIGH

Vetor CVSSCVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Vetor de ataqueADJACENT_NETWORK

ComplexidadeLOW

Privilegios necessariosLOW

Interacao do usuarioNONE

Publicado6/23/2022

Ultima modificacao11/21/2024

Fontenvd

Avistamentos honeypot0

Produtos afetados

xisnd:s\&d_smarthome

Fraquezas (CWE)

CWE-287CWE-287

Referencias

https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66783(vuln@krcert.or.kr)

https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66783(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.