CVE-2023-31240: Snap One OvrC Pro versions prior to 7.2 have their own locally running web server accessible both from the local network and remotely. OvrC cloud...

8.3 CVSS

Description

Snap One OvrC Pro versions prior to 7.2 have their own locally running web server accessible both from the local network and remotely. OvrC cloud contains a hidden superuser account accessible through hard-coded credentials.

Classification

CVE ID: CVE-2023-31240

CVSS Base Severity: HIGH

CVSS Base Score: 8.3

Affected Products

Vendor: Snap One

Product: OvrC Cloud

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.26% (probability of being exploited)

EPSS Percentile: 65.65% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-03 (date this score was calculated)

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01
https://www.control4.com/docs/product/ovrc-software/release-notes/english/latest/ovrc-software-release-notes-rev-r.pdf

Timeline