The researchers reported the issues to the United States Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA), which assigned the following five CVEs:
Use of Hard-coded Credentials CWE-798 (CVE-2023–1748, CVSS3.0: 8.6)
Authorization Bypass Through User-Controlled Key CWE-639 (CVE-2023–1749, CVSS3.0: 6.5)
Authorization Bypass Through User-Controlled Key CWE-639 (CVE-2023–1750, CVSS3.0: 7.1)
Improper Input Validation CWE-20 (CVE-2023–1751, CVSS3.0: 7.5)
Improper Authentication Validation CWE-287 (CVE-2023–1752, CVSS3.0: 8.1)
Read full news here - https://securityaffairs.com/144488/iot/nexx-smart-devices-flaws.html
