Sign-up

ID

VAR-201712-0791


CVE

CVE-2017-13663


TITLE

iSmartAlarm CubeOne Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2017-011018

DESCRIPTION

Encryption key exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to decrypt log files via an exposed key. iSmartAlarm CubeOne Contains an information disclosure vulnerability.Information may be obtained. iSmartAlarm CubeOne is a smart home central control device produced by iSmartAlarm in the United States. There are security vulnerabilities in the firmware of iSmartAlarm CubeOne 2.2.4.8 and earlier versions. An attacker could exploit this vulnerability to decrypt log files

Trust: 1.71

sources: NVD: CVE-2017-13663 // JVNDB: JVNDB-2017-011018 // VULHUB: VHN-104308

AFFECTED PRODUCTS

vendor:ismartalarmmodel:cubeonescope:lteversion:2.2.4.8

Trust: 1.0

vendor:ismart alarmmodel:cubeonescope:lteversion:2.2.4.8

Trust: 0.8

vendor:ismartalarmmodel:cubeonescope:eqversion:2.2.4.8

Trust: 0.6

sources: JVNDB: JVNDB-2017-011018 // CNNVD: CNNVD-201708-1092 // NVD: CVE-2017-13663

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-13663
value: HIGH

Trust: 1.0

NVD: CVE-2017-13663
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201708-1092
value: HIGH

Trust: 0.6

VULHUB: VHN-104308
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-13663
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-104308
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-13663
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-104308 // JVNDB: JVNDB-2017-011018 // CNNVD: CNNVD-201708-1092 // NVD: CVE-2017-13663

PROBLEMTYPE DATA

problemtype:CWE-312

Trust: 1.1

problemtype:CWE-200

Trust: 0.9

sources: VULHUB: VHN-104308 // JVNDB: JVNDB-2017-011018 // NVD: CVE-2017-13663

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-1092

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201708-1092

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-011018

PATCH
title:CubeOneurl:https://www.ismartalarm.com/p/ISA00011/cubeone
Trust: 0.8
title:iSmartAlarm CubeOne Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100000
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-011018 // 
            
            
            
            CNNVD: CNNVD-201708-1092

EXTERNAL IDS
db:NVDid:CVE-2017-13663
Trust: 2.5
db:JVNDBid:JVNDB-2017-011018
Trust: 0.8
db:CNNVDid:CNNVD-201708-1092
Trust: 0.7
db:VULHUBid:VHN-104308
Trust: 0.1
sources:
            
            
            VULHUB: VHN-104308 // 
            
            
            
            JVNDB: JVNDB-2017-011018 // 
            
            
            
            CNNVD: CNNVD-201708-1092 // 
            
            
            
            NVD: CVE-2017-13663

REFERENCES
url:https://poppopretn.com/2017/11/30/public-disclosure-firmware-vulnerabilities-in-ismartalarm-cubeone/
Trust: 2.5
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13663
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-13663
Trust: 0.8
sources:
            
            
            VULHUB: VHN-104308 // 
            
            
            
            JVNDB: JVNDB-2017-011018 // 
            
            
            
            CNNVD: CNNVD-201708-1092 // 
            
            
            
            NVD: CVE-2017-13663

SOURCES
db:VULHUBid:VHN-104308
db:JVNDBid:JVNDB-2017-011018
db:CNNVDid:CNNVD-201708-1092
db:NVDid:CVE-2017-13663

LAST UPDATE DATE
2025-04-20T23:34:15.022000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-104308date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2017-011018date:2017-12-28T00:00:00
db:CNNVDid:CNNVD-201708-1092date:2019-10-23T00:00:00
db:NVDid:CVE-2017-13663date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-104308date:2017-12-01T00:00:00
db:JVNDBid:JVNDB-2017-011018date:2017-12-28T00:00:00
db:CNNVDid:CNNVD-201708-1092date:2017-08-25T00:00:00
db:NVDid:CVE-2017-13663date:2017-12-01T17:29:00.230