HIGH🇬🇧 English

CVE-2023-31193

CVSS 7.5v3.1pub. 2023-05-22upd. 2024-11-21

Snap One OvrC Pro versions prior to 7.3 use HTTP connections when downloading a program from their servers. Because they do not use HTTPS, OvrC Pro devices are susceptible to exploitation.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Snapone Orvc

    APP
    Snapone
    < 7.3.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2023-28649HIGH8.6ten sam produkt

The Hub in the Snap One OvrC cloud platform is a device used to centralize and manage nested devices connected...

CVE-2023-28386HIGH8.6ten sam produkt

Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware updates correctly. The device only c...

CVE-2023-31245HIGH7.1ten sam produkt

Devices using Snap One OvrC cloud are sent to a web address when accessing a web mana...

CVE-2023-25183HIGH8.3ten sam produkt

In Snap One OvrC Pro versions prior to 7.2, when logged into the superuser ac...

CVE-2023-31240HIGH8.3ten sam produkt

Snap One OvrC Pro versions prior to 7.2 have their own locally running web server accessible both from the loc...