Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Eve Play by EveHome

    CVE-2024-5743 (GCVE-0-2024-5743)

    Vulnerability from nvd – Published: 2025-01-13 17:25 – Updated: 2025-01-13 18:25
    VLAI
    Title
    Command Injection Vulnerability
    Summary
    An attacker could exploit the 'Use of Password Hash With Insufficient Computational Effort' vulnerability in EveHome Eve Play to execute arbitrary code. This issue affects Eve Play: through 1.1.42.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-916 - Use of Password Hash With Insufficient Computational Effort
    Assigner
    ABB
    References
    Impacted products
    Vendor Product Version
    EveHome Eve Play Affected: 0 , ≤ 1.1.42 (custom)
    Create a notification for this product.
    Date Public
    2025-01-12 19:31
    Credits
    ABB PSIRT thanks the following parties for their efforts: Ville Salmela for reporting the vulnerabilities through responsible disclosure.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5743",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-13T18:25:40.080233Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-13T18:25:58.273Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Eve Play",
              "vendor": "EveHome",
              "versions": [
                {
                  "lessThanOrEqual": "1.1.42",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "ABB PSIRT thanks the following parties for their efforts: Ville Salmela for reporting the vulnerabilities through responsible disclosure."
            }
          ],
          "datePublic": "2025-01-12T19:31:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn attacker could exploit the \u0027Use of Password Hash With Insufficient Computational Effort\u0027 vulnerability in EveHome Eve Play to execute arbitrary code.\u003c/span\u003e\n\n\u003cp\u003eThis issue affects Eve Play: through 1.1.42.\u003c/p\u003e"
                }
              ],
              "value": "An attacker could exploit the \u0027Use of Password Hash With Insufficient Computational Effort\u0027 vulnerability in EveHome Eve Play to execute arbitrary code.\n\nThis issue affects Eve Play: through 1.1.42."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-916",
                  "description": "CWE-916 Use of Password Hash With Insufficient Computational Effort",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-13T17:25:49.740Z",
            "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
            "shortName": "ABB"
          },
          "references": [
            {
              "url": "https://www.evehome.com/en-us/security-content"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The issue is resolved in the version to:\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003e1.1.43 or later.\u0026nbsp;\u003c/span\u003e\u003cbr\u003e\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "The issue is resolved in the version to:\u00a01.1.43 or later."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Command Injection Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "assignerShortName": "ABB",
        "cveId": "CVE-2024-5743",
        "datePublished": "2025-01-13T17:25:49.740Z",
        "dateReserved": "2024-06-07T12:34:00.963Z",
        "dateUpdated": "2025-01-13T18:25:58.273Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-5743 (GCVE-0-2024-5743)

    Vulnerability from cvelistv5 – Published: 2025-01-13 17:25 – Updated: 2025-01-13 18:25
    VLAI
    Title
    Command Injection Vulnerability
    Summary
    An attacker could exploit the 'Use of Password Hash With Insufficient Computational Effort' vulnerability in EveHome Eve Play to execute arbitrary code. This issue affects Eve Play: through 1.1.42.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-916 - Use of Password Hash With Insufficient Computational Effort
    Assigner
    ABB
    References
    Impacted products
    Vendor Product Version
    EveHome Eve Play Affected: 0 , ≤ 1.1.42 (custom)
    Create a notification for this product.
    Date Public
    2025-01-12 19:31
    Credits
    ABB PSIRT thanks the following parties for their efforts: Ville Salmela for reporting the vulnerabilities through responsible disclosure.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5743",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-13T18:25:40.080233Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-13T18:25:58.273Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Eve Play",
              "vendor": "EveHome",
              "versions": [
                {
                  "lessThanOrEqual": "1.1.42",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "ABB PSIRT thanks the following parties for their efforts: Ville Salmela for reporting the vulnerabilities through responsible disclosure."
            }
          ],
          "datePublic": "2025-01-12T19:31:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn attacker could exploit the \u0027Use of Password Hash With Insufficient Computational Effort\u0027 vulnerability in EveHome Eve Play to execute arbitrary code.\u003c/span\u003e\n\n\u003cp\u003eThis issue affects Eve Play: through 1.1.42.\u003c/p\u003e"
                }
              ],
              "value": "An attacker could exploit the \u0027Use of Password Hash With Insufficient Computational Effort\u0027 vulnerability in EveHome Eve Play to execute arbitrary code.\n\nThis issue affects Eve Play: through 1.1.42."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-916",
                  "description": "CWE-916 Use of Password Hash With Insufficient Computational Effort",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-13T17:25:49.740Z",
            "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
            "shortName": "ABB"
          },
          "references": [
            {
              "url": "https://www.evehome.com/en-us/security-content"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The issue is resolved in the version to:\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003e1.1.43 or later.\u0026nbsp;\u003c/span\u003e\u003cbr\u003e\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "The issue is resolved in the version to:\u00a01.1.43 or later."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Command Injection Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "assignerShortName": "ABB",
        "cveId": "CVE-2024-5743",
        "datePublished": "2025-01-13T17:25:49.740Z",
        "dateReserved": "2024-06-07T12:34:00.963Z",
        "dateUpdated": "2025-01-13T18:25:58.273Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }