Skip to main content

Nxal 100 Firmware

5 CVEs product

Monthly

CVE-2023-1752 MEDIUM This Month

The listed versions of Nexx Smart Home devices could allow any user to register an already registered alarm or associated device with only the device’s MAC address. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Nxal 100 Firmware Nxg 100B Firmware Nxpg 100W Firmware Nxg 200 Firmware
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-1751 MEDIUM This Month

The listed versions of Nexx Smart Home devices use a WebSocket server that does not validate if the bearer token in the Authorization header belongs to the device attempting to associate. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nxal 100 Firmware Nxg 100B Firmware Nxpg 100W Firmware Nxg 200 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-1750 HIGH This Week

The listed versions of Nexx Smart Home devices lack proper access control when executing actions. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Nxal 100 Firmware Nxg 100B Firmware Nxpg 100W Firmware Nxg 200 Firmware
NVD
CVSS 3.1
7.1
EPSS
0.5%
CVE-2023-1749 MEDIUM This Month

The listed versions of Nexx Smart Home devices lack proper access control when executing actions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Nxal 100 Firmware Nxg 100B Firmware Nxpg 100W Firmware Nxg 200 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-1748 CRITICAL Act Now

The listed versions of Nexx Smart Home devices use hard-coded credentials. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Nxal 100 Firmware Nxg 100B Firmware Nxpg 100W Firmware Nxg 200 Firmware
NVD
CVSS 3.1
10.0
EPSS
0.8%
EPSS 1% CVSS 4.3
MEDIUM This Month

The listed versions of Nexx Smart Home devices could allow any user to register an already registered alarm or associated device with only the device’s MAC address. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Nxal 100 Firmware Nxg 100B Firmware +2
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

The listed versions of Nexx Smart Home devices use a WebSocket server that does not validate if the bearer token in the Authorization header belongs to the device attempting to associate. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nxal 100 Firmware Nxg 100B Firmware +2
NVD
EPSS 0% CVSS 7.1
HIGH This Week

The listed versions of Nexx Smart Home devices lack proper access control when executing actions. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Nxal 100 Firmware Nxg 100B Firmware +2
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

The listed versions of Nexx Smart Home devices lack proper access control when executing actions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Nxal 100 Firmware Nxg 100B Firmware +2
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

The listed versions of Nexx Smart Home devices use hard-coded credentials. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Nxal 100 Firmware Nxg 100B Firmware +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy