Summaryinfo

A vulnerability, which was classified as critical, was found in Digoo DG-HAMB 1.0. Impacted is an unknown function. Such manipulation leads to authentication replay. This vulnerability is traded as CVE-2023-31762. There is no exploit available. If you want to get best quality of vulnerability data, you may have to visit VulDB.

Detailsinfo

A vulnerability was found in Digoo DG-HAMB 1.0 and classified as critical. Affected by this issue is some unknown functionality. The manipulation with an unknown input leads to a authentication replay vulnerability. Using CWE to declare the problem leads to CWE-294. A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes). Impacted is confidentiality, integrity, and availability. CVE summarizes:

Weak security in the transmitter of Digoo DG-HAMB Smart Home Security System v1.0 allows attackers to gain full access to the system via a code replay attack.

The weakness was shared 05/24/2023. The advisory is shared for download at ashallen.net. This vulnerability is handled as CVE-2023-31762 since 04/29/2023. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1040.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2023-36053). If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Vendor

• Digoo

Name

• DG-HAMB

Version

• 1.0

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion