CVE-2023-31240
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
22/05/2023
Last modified:
09/12/2024
Description
Snap One OvrC Pro versions prior to 7.2 have their own locally running web server accessible both from the local network and remotely. OvrC cloud contains a hidden superuser account accessible through hard-coded credentials.
Impact
Base Score 3.x
8.30
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:snapone:orvc:*:*:*:*:*:pro:*:* | 7.2.0 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01
- https://www.control4.com/docs/product/ovrc-software/release-notes/english/latest/ovrc-software-release-notes-rev-r.pdf
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01
- https://www.control4.com/docs/product/ovrc-software/release-notes/english/latest/ovrc-software-release-notes-rev-r.pdf