CVE-2018-16224

MEDIUM

iSmartAlarm Cube One < 2.2.4.10 - Unauthenticated Sensitive Information Exposure via Diagnostic Files

Title source: llm
STIX 2.1

Description

Incorrect access control for the diagnostic files of the iSmartAlarm Cube One through 2.2.4.10 allows an attacker to retrieve them via a specifically crafted TCP request to port 12345 and 22306, and access sensitive information from the device.

References (2)

Core 2
Core References
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2018/Nov/2

Scores

CVSS v3 5.3
EPSS 0.0659
EPSS Percentile 93.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-200
Status published
Products (1)
ismartalarm/cubeone_firmware < 2.2.4.10
Published Nov 20, 2018
Tracked Since Feb 18, 2026