Ismartalarm Cubeone Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Ismartalarm Cubeone Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2017-7728 — CVSS 9.8 (critical): On iSmartAlarm cube devices, there is authentication bypass leading to remote execution of commands (e.g., setting the alarm on/off)…
CVE-2017-13664 — CVSS 9.8 (critical): Password file exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to execute arbitrary commands with…
CVE-2017-13663 — CVSS 7.5 (high): Encryption key exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to decrypt log files via an exposed…
CVE-2017-7729 — CVSS 7.5 (high): On iSmartAlarm cube devices, there is Incorrect Access Control because a "new key" is transmitted in cleartext.
CVE-2017-7730 — CVSS 7.5 (high): iSmartAlarm cube devices allow Denial of Service. Sending a SYN flood on port 12345 will freeze the "cube" and it will stop responding.
CVE-2018-16224 — CVSS 5.3 (medium): Incorrect access control for the diagnostic files of the iSmartAlarm Cube One through 2.2.4.10 allows an attacker to retrieve them via a…