CVE-2017-13664
CRITICALiSmartAlarm CubeOne Firmware < 2.2.4.8 - Exposure of Sensitive Information via Password File
Title source: llmDescription
Password file exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to execute arbitrary commands with administrative privileges by retrieving credentials from this file.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://poppopretn.com/2017/11/30/public-disclosure-firmware-vulnerabilities-in-ismartalarm-cubeone/
Scores
CVSS v3
9.8
EPSS
0.0154
EPSS Percentile
71.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-200
Status
published
Products (1)
ismartalarm/cubeone_firmware
< 2.2.4.8
Published
Dec 01, 2017
Tracked Since
Feb 18, 2026