Lucene search

[email protected]NVD:CVE-2023-36160

HistorySep 16, 2023 - 12:15 a.m.

CVE-2023-36160

2023-09-1600:15:07

[email protected]

web.nvd.nist.gov

qubo smart plug10a

vulnerability

disclosure

uart console

sensitive information

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.6

Confidence

High

EPSS

Percentile

5.1%

JSON

An issue was discovered in Qubo Smart Plug10A version HSP02_01_01_14_SYSTEM-10 A, allows local attackers to gain sensitive information and other unspecified impact via UART console.

Affected configurations

Nvd

Node

quboworldsmart_plug_10a_firmwareMatchhsp02_01_01_14_system-10_a

AND

quboworldsmart_plug_10aMatch-

VendorProductVersionCPE
quboworldsmart_plug_10a_firmwarehsp02_01_01_14_system-10_acpe:2.3:o:quboworld:smart_plug_10a_firmware:hsp02_01_01_14_system-10_a:*:*:*:*:*:*:*
quboworldsmart_plug_10a-cpe:2.3:h:quboworld:smart_plug_10a:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
quboworld	smart_plug_10a_firmware	hsp02_01_01_14_system-10_a	cpe:2.3:o:quboworld:smart_plug_10a_firmware:hsp02_01_01_14_system-10_a:::::::*
quboworld	smart_plug_10a	-	cpe:2.3:h:quboworld:smart_plug_10a:-:::::::*

References

github.com/Yashodhanvivek/Qubo_smart_switch_security_assessment/blob/main/Qubo_Smart_Plug_10A_Security_Assessment.pdf

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.6

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2023-36160

cvelist1 prion1 cve1