ICSA-23-094-01 · Published 2023-04-04 · View on CISA ICS-CERT ↗

Nexx Smart Home Device

CVSS 9.3 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to receive sensitive information, execute application programmable interface (API) requests, or hijack devices.

CVEs (5)

CVE-2023-1748 CVE-2023-1749 CVE-2023-1750 CVE-2023-1751 CVE-2023-1752

Remediations

Nexx has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected product are encouraged to contact Nexx support for additional information.

Affected Vendors

Nexx

Affected Products (3)

Nexx · Nexx Garage Door Controller (NXG-100B, NXG-200) <= nxg200v-p3-4-1

Nexx · Nexx Smart Plug (NXPG-100W) <= nxpg100cv4-0-0

Nexx · Nexx Smart Alarm (NXAL-100) <= nxal100v-p1-9-1and

Affected Sectors

Commercial Facilities

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more