CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
43.7%
Devices using Snap One OvrC cloud are sent to a web address when accessing a web management interface using a HTTP connection. Attackers could impersonate a device and supply malicious information about the device’s web server interface. By supplying malicious parameters, an attacker could redirect the user to arbitrary and dangerous locations on the web.
Vendor | Product | Version | CPE |
---|---|---|---|
snapone | orvc | * | cpe:2.3:a:snapone:orvc:*:*:*:*:*:pro:*:* |
control4 | ca-1 | - | cpe:2.3:h:control4:ca-1:-:*:*:*:*:*:*:* |
control4 | ca-10 | - | cpe:2.3:h:control4:ca-10:-:*:*:*:*:*:*:* |
control4 | ea-1 | - | cpe:2.3:h:control4:ea-1:-:*:*:*:*:*:*:* |
control4 | ea-3 | - | cpe:2.3:h:control4:ea-3:-:*:*:*:*:*:*:* |
control4 | ea-5 | - | cpe:2.3:h:control4:ea-5:-:*:*:*:*:*:*:* |
snapone | an-110-rt-2l1w | - | cpe:2.3:h:snapone:an-110-rt-2l1w:-:*:*:*:*:*:*:* |
snapone | an-110-rt-2l1w-wifi | - | cpe:2.3:h:snapone:an-110-rt-2l1w-wifi:-:*:*:*:*:*:*:* |
snapone | an-310-rt-4l2w | - | cpe:2.3:h:snapone:an-310-rt-4l2w:-:*:*:*:*:*:*:* |
snapone | ovrc-300-pro | - | cpe:2.3:h:snapone:ovrc-300-pro:-:*:*:*:*:*:*:* |
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
43.7%