Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware updates correctly. The device only calculates the MD5 hash of the firmware and does not check using a private-public key mechanism. The lack of complete PKI system firmware signature could allow attackers to upload arbitrary firmware updates, resulting in code execution.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:NControl4 Ca 1
HWControl4wszystkie wersjeControl4 Ca 10
HWControl4wszystkie wersjeControl4 Ea 1
HWControl4wszystkie wersjeControl4 Ea 3
HWControl4wszystkie wersjeControl4 Ea 5
HWControl4wszystkie wersjeSnapone An 110 Rt 2l1w
HWSnaponewszystkie wersjeSnapone An 110 Rt 2l1w Wifi
HWSnaponewszystkie wersjeSnapone An 310 Rt 4l2w
HWSnaponewszystkie wersjeSnapone Orvc
APPSnapone< 7.3.0Snapone Ovrc 300 Pro
HWSnaponewszystkie wersjeSnapone Pakedge Rk 1
HWSnaponewszystkie wersjeSnapone Pakedge Rt 3100
HWSnaponewszystkie wersjeSnapone Pakedge Wr 1
HWSnaponewszystkie wersje
Related vulnerabilities
Snap One OvrC Pro versions prior to 7.3 use HTTP connections when downloading a program from thei...
Devices using Snap One OvrC cloud are sent to a web address when accessing a web mana...
The Hub in the Snap One OvrC cloud platform is a device used to centralize and manage nested devices connected...
In Snap One OvrC Pro versions prior to 7.2, when logged into the superuser ac...
Snap One OvrC Pro versions prior to 7.2 have their own locally running web server accessible both from the loc...