CVE-2020-24395

medium

Description

The USB firmware update script of homee Brain Cube v2 (2.28.2 and 2.28.4) devices allows an attacker with physical access to install compromised firmware. This occurs because of insufficient validation of the firmware image file and can lead to code execution on the device.

References

https://www.syss.de/pentest-blog/

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-026.txt

Details

Source: Mitre, NVD

Published: 2021-05-20

Updated: 2021-06-03

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 6.8

Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Medium