The USB firmware update script of homee Brain Cube v2 (2.28.2 and 2.28.4) devices allows an attacker with physical access to install compromised firmware. This occurs because of insufficient validation of the firmware image file and can lead to code execution on the device.
References
Link | Resource |
---|---|
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-026.txt | Third Party Advisory |
https://www.syss.de/pentest-blog/ | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-05-20T13:24:53
Updated: 2021-05-20T13:24:53
Reserved: 2020-08-19T00:00:00
Link: CVE-2020-24395
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-05-20T14:15:07.583
Modified: 2021-06-03T16:43:15.427
Link: CVE-2020-24395
JSON object: View
Redhat Information
No data.
CWE