CVE-2023-28412
Summary
| CVE | CVE-2023-28412 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-05-22 20:15:00 UTC |
| Updated | 2023-05-30 15:59:00 UTC |
| Description | When supplied with a random MAC address, Snap One OvrC cloud servers will return information about the device. The MAC address of devices can be enumerated in an attack and the OvrC cloud will disclose their information. |
Risk And Classification
Problem Types: CWE-203
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Control4 | Ca-1 | - | All | All | All |
| Hardware | Control4 | Ca-10 | - | All | All | All |
| Hardware | Control4 | Ea-1 | - | All | All | All |
| Hardware | Control4 | Ea-3 | - | All | All | All |
| Hardware | Control4 | Ea-5 | - | All | All | All |
| Hardware | Snapone | An-110-rt-2l1w | - | All | All | All |
| Hardware | Snapone | An-110-rt-2l1w-wifi | - | All | All | All |
| Hardware | Snapone | An-310-rt-4l2w | - | All | All | All |
| Application | Snapone | Orvc | All | All | All | All |
| Hardware | Snapone | Ovrc-300-pro | - | All | All | All |
| Hardware | Snapone | Pakedge Rk-1 | - | All | All | All |
| Hardware | Snapone | Pakedge Rt-3100 | - | All | All | All |
| Hardware | Snapone | Pakedge Wr-1 | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Snap One OvrC Cloud | CISA | MISC | www.cisa.gov | |
| www.control4.com/docs/product/ovrc-software/release-notes/english/latest/ovrc-... | MISC | www.control4.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.