CVE-2023-28412

MEDIUM

Snapone Orvc < 7.3.0 - Information Disclosure

Title source: rule

Description

When supplied with a random MAC address, Snap One OvrC cloud servers will return information about the device. The MAC address of devices can be enumerated in an attack and the OvrC cloud will disclose their information.

References (2)

[Third Party Advisory, US Government Resource] https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01

[Release Notes] https://www.control4.com/docs/product/ovrc-software/release-notes/english/latest/ovrc-software-release-notes-rev-r.pdf

Scores

CVSS v3 5.3

EPSS 0.0011

EPSS Percentile 28.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-204 CWE-203

Status published

Products (1)

snapone/orvc < 7.3.0

Published May 22, 2023

Tracked Since Feb 18, 2026