CVE-2017-13664

CRITICAL

iSmartAlarm CubeOne Firmware < 2.2.4.8 - Exposure of Sensitive Information via Password File

Title source: llm
STIX 2.1

Description

Password file exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to execute arbitrary commands with administrative privileges by retrieving credentials from this file.

References (1)

Core 1

Scores

CVSS v3 9.8
EPSS 0.0154
EPSS Percentile 71.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-200
Status published
Products (1)
ismartalarm/cubeone_firmware < 2.2.4.8
Published Dec 01, 2017
Tracked Since Feb 18, 2026