CVE-2024-50380
HIGHSnap One OVRC cloud < 7.3 - Authentication Bypass via MAC Address Spoofing
Title source: llmDescription
Snap One OVRC cloud uses the MAC address as an identifier to provide information when requested. An attacker can impersonate other devices by supplying enumerated MAC addresses and receive sensitive information about the device.
References (1)
Core 1
Core References
Third Party Advisory, US Government Resource government-resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01
Scores
CVSS v4
8.7
EPSS
0.0047
EPSS Percentile
36.8%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-290
Status
published
Products (1)
Snap One/OVRC cloud
< 7.3
Published
Dec 02, 2024
Tracked Since
Feb 18, 2026