Search

Find a vulnerability

Search criteria

    6 vulnerabilities by The Genie Company

    CVE-2023-5881 (GCVE-0-2023-5881)

    Vulnerability from nvd – Published: 2024-01-03 19:22 – Updated: 2024-09-05 20:52
    VLAI
    Title
    Unauthenticated access permitted to web interface page "Garage Door Control Module Setup"
    Summary
    Unauthenticated access permitted to web interface page The Genie Company Aladdin Connect (Retrofit-Kit Model ALDCM) "Garage Door Control Module Setup" and modify the Garage door's SSID settings.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    Impacted products
    Vendor Product Version
    The Genie Company Aladdin Connect (Retrofit-Kit) Affected: 0 , ≤ <=14.1.1 (semver)
    Create a notification for this product.
    geniecompany aladdin_connect_garage_door_opener Affected: 0 , ≤ 14.1.1 (custom)
        cpe:2.3:a:geniecompany:aladdin_connect_garage_door_opener:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:14:24.675Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.rapid7.com/blog/post/2024/01/03/genie-aladdin-connect-retrofit-garage-door-opener-multiple-vulnerabilities/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:geniecompany:aladdin_connect_garage_door_opener:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "aladdin_connect_garage_door_opener",
                "vendor": "geniecompany",
                "versions": [
                  {
                    "lessThanOrEqual": "14.1.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5881",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-07T20:04:33.256054Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-05T20:52:05.695Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "RTOS"
              ],
              "product": "Aladdin Connect (Retrofit-Kit)",
              "vendor": "The Genie Company",
              "versions": [
                {
                  "lessThanOrEqual": "\u003c=14.1.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003cb\u003eUnauthenticated access permitted to web interface page The Genie Company Aladdin Connect (Retrofit-Kit Model ALDCM) \"Garage Door Control Module Setup\" and modify the Garage door\u0027s SSID settings. \u003cbr\u003e\u003c/b\u003e\u003cb\u003e\u003cbr\u003e\u003c/b\u003e\u003c/p\u003e"
                }
              ],
              "value": "Unauthenticated access permitted to web interface page The Genie Company Aladdin Connect (Retrofit-Kit Model ALDCM) \"Garage Door Control Module Setup\" and modify the Garage door\u0027s SSID settings. \n\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-114",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-114 Authentication Abuse"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-03T19:22:08.506Z",
            "orgId": "9974b330-7714-4307-a722-5648477acda7",
            "shortName": "rapid7"
          },
          "references": [
            {
              "url": "https://www.rapid7.com/blog/post/2024/01/03/genie-aladdin-connect-retrofit-garage-door-opener-multiple-vulnerabilities/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Unauthenticated access permitted to web interface page \"Garage Door Control Module Setup\"",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
        "assignerShortName": "rapid7",
        "cveId": "CVE-2023-5881",
        "datePublished": "2024-01-03T19:22:08.506Z",
        "dateReserved": "2023-10-31T13:56:16.313Z",
        "dateUpdated": "2024-09-05T20:52:05.695Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5880 (GCVE-0-2023-5880)

    Vulnerability from nvd – Published: 2024-01-03 19:16 – Updated: 2024-08-27 15:30
    VLAI
    Title
    Cross-site Scripting (XSS) injected into Aladdin Connect garage door opener (Retrofit-Kit) configuration setup webserver console via broadcast SSID name
    Summary
    When the Genie Company Aladdin Connect garage door opener (Retrofit-Kit Model ALDCM) is placed into configuration mode the web servers “Garage Door Control Module Setup” page is vulnerable to XSS via a broadcast SSID name containing malicious code with client side Java Script and/or HTML. This allows the attacker to inject malicious code with client side Java Script and/or HTML into the users' web browser. 
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    The Genie Company Aladdin Connect (Retrofit-Kit) Affected: 0 , ≤ <=14.1.1 (semver)
    Create a notification for this product.
    geniecompany aladdin_connect Affected: 0 , ≤ 14.1.1 (semver)
        cpe:2.3:a:geniecompany:aladdin_connect:*:*:*:*:*:android:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:14:24.315Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.rapid7.com/blog/post/2024/01/03/genie-aladdin-connect-retrofit-garage-door-opener-multiple-vulnerabilities/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:geniecompany:aladdin_connect:*:*:*:*:*:android:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "aladdin_connect",
                "vendor": "geniecompany",
                "versions": [
                  {
                    "lessThanOrEqual": "14.1.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5880",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-27T15:14:25.214790Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-27T15:30:42.784Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "RTOS"
              ],
              "product": "Aladdin Connect (Retrofit-Kit)",
              "vendor": "The Genie Company",
              "versions": [
                {
                  "lessThanOrEqual": "\u003c=14.1.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cbr\u003e\u003cb\u003eWhen the Genie Company Aladdin Connect garage door opener (Retrofit-Kit Model ALDCM) is placed into configuration mode the web servers \u201cGarage Door Control Module Setup\u201d page is vulnerable to XSS via a broadcast SSID name containing malicious code with client side Java Script and/or HTML. This allows the attacker to inject malicious\u0026nbsp;code with client side Java Script and/or HTML into the users\u0027 web browser.\u0026nbsp;\u003c/b\u003e\u003cbr\u003e"
                }
              ],
              "value": "When the Genie Company Aladdin Connect garage door opener (Retrofit-Kit Model ALDCM) is placed into configuration mode the web servers \u201cGarage Door Control Module Setup\u201d page is vulnerable to XSS via a broadcast SSID name containing malicious code with client side Java Script and/or HTML. This allows the attacker to inject malicious\u00a0code with client side Java Script and/or HTML into the users\u0027 web browser.\u00a0\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-63",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63 Cross-Site Scripting (XSS)"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-03T19:16:44.618Z",
            "orgId": "9974b330-7714-4307-a722-5648477acda7",
            "shortName": "rapid7"
          },
          "references": [
            {
              "url": "https://www.rapid7.com/blog/post/2024/01/03/genie-aladdin-connect-retrofit-garage-door-opener-multiple-vulnerabilities/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Cross-site Scripting (XSS) injected into Aladdin Connect garage door opener (Retrofit-Kit) configuration setup webserver console via broadcast SSID name",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
        "assignerShortName": "rapid7",
        "cveId": "CVE-2023-5880",
        "datePublished": "2024-01-03T19:16:44.618Z",
        "dateReserved": "2023-10-31T13:56:12.783Z",
        "dateUpdated": "2024-08-27T15:30:42.784Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5879 (GCVE-0-2023-5879)

    Vulnerability from nvd – Published: 2024-01-03 19:15 – Updated: 2025-06-17 19:39
    VLAI
    Title
    Aladdin Connect Android Application Insecure Storage
    Summary
    Users’ product account authentication data was stored in clear text in The Genie Company Aladdin Connect Mobile Application Version 5.65 Build 2075 (and below) on Android Devices. This allows the attacker, with access to the android device, to potentially retrieve users' clear text authentication credentials.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-922 - Insecure Storage of Sensitive Information
    Assigner
    Impacted products
    Vendor Product Version
    The Genie Company Aladdin Connect Mobile Application Affected: 0 , ≤ <=5.65 Build 2075 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:14:24.813Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.rapid7.com/blog/post/2024/01/03/genie-aladdin-connect-retrofit-garage-door-opener-multiple-vulnerabilities/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "PHYSICAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.8,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5879",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-17T19:38:42.294356Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-17T19:39:08.880Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Android"
              ],
              "product": "Aladdin Connect Mobile Application",
              "vendor": "The Genie Company",
              "versions": [
                {
                  "lessThanOrEqual": "\u003c=5.65 Build 2075",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cbr\u003e\u003cb\u003eUsers\u2019 product account authentication data was stored in clear text in The Genie Company Aladdin Connect Mobile Application Version 5.65 Build 2075 (and below) on Android Devices. This allows the attacker, with access to the android device, to potentially retrieve users\u0027 clear text authentication credentials.\u003c/b\u003e\u003cbr\u003e"
                }
              ],
              "value": "Users\u2019 product account authentication data was stored in clear text in The Genie Company Aladdin Connect Mobile Application Version 5.65 Build 2075 (and below) on Android Devices. This allows the attacker, with access to the android device, to potentially retrieve users\u0027 clear text authentication credentials.\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-37",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-37 Retrieve Embedded Sensitive Data"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-922",
                  "description": "CWE-922 Insecure Storage of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-03T19:16:06.190Z",
            "orgId": "9974b330-7714-4307-a722-5648477acda7",
            "shortName": "rapid7"
          },
          "references": [
            {
              "url": "https://www.rapid7.com/blog/post/2024/01/03/genie-aladdin-connect-retrofit-garage-door-opener-multiple-vulnerabilities/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Aladdin Connect Android Application Insecure Storage",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
        "assignerShortName": "rapid7",
        "cveId": "CVE-2023-5879",
        "datePublished": "2024-01-03T19:15:59.436Z",
        "dateReserved": "2023-10-31T13:34:45.000Z",
        "dateUpdated": "2025-06-17T19:39:08.880Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5881 (GCVE-0-2023-5881)

    Vulnerability from cvelistv5 – Published: 2024-01-03 19:22 – Updated: 2024-09-05 20:52
    VLAI
    Title
    Unauthenticated access permitted to web interface page "Garage Door Control Module Setup"
    Summary
    Unauthenticated access permitted to web interface page The Genie Company Aladdin Connect (Retrofit-Kit Model ALDCM) "Garage Door Control Module Setup" and modify the Garage door's SSID settings.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    Impacted products
    Vendor Product Version
    The Genie Company Aladdin Connect (Retrofit-Kit) Affected: 0 , ≤ <=14.1.1 (semver)
    Create a notification for this product.
    geniecompany aladdin_connect_garage_door_opener Affected: 0 , ≤ 14.1.1 (custom)
        cpe:2.3:a:geniecompany:aladdin_connect_garage_door_opener:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:14:24.675Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.rapid7.com/blog/post/2024/01/03/genie-aladdin-connect-retrofit-garage-door-opener-multiple-vulnerabilities/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:geniecompany:aladdin_connect_garage_door_opener:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "aladdin_connect_garage_door_opener",
                "vendor": "geniecompany",
                "versions": [
                  {
                    "lessThanOrEqual": "14.1.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5881",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-07T20:04:33.256054Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-05T20:52:05.695Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "RTOS"
              ],
              "product": "Aladdin Connect (Retrofit-Kit)",
              "vendor": "The Genie Company",
              "versions": [
                {
                  "lessThanOrEqual": "\u003c=14.1.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003cb\u003eUnauthenticated access permitted to web interface page The Genie Company Aladdin Connect (Retrofit-Kit Model ALDCM) \"Garage Door Control Module Setup\" and modify the Garage door\u0027s SSID settings. \u003cbr\u003e\u003c/b\u003e\u003cb\u003e\u003cbr\u003e\u003c/b\u003e\u003c/p\u003e"
                }
              ],
              "value": "Unauthenticated access permitted to web interface page The Genie Company Aladdin Connect (Retrofit-Kit Model ALDCM) \"Garage Door Control Module Setup\" and modify the Garage door\u0027s SSID settings. \n\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-114",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-114 Authentication Abuse"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-03T19:22:08.506Z",
            "orgId": "9974b330-7714-4307-a722-5648477acda7",
            "shortName": "rapid7"
          },
          "references": [
            {
              "url": "https://www.rapid7.com/blog/post/2024/01/03/genie-aladdin-connect-retrofit-garage-door-opener-multiple-vulnerabilities/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Unauthenticated access permitted to web interface page \"Garage Door Control Module Setup\"",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
        "assignerShortName": "rapid7",
        "cveId": "CVE-2023-5881",
        "datePublished": "2024-01-03T19:22:08.506Z",
        "dateReserved": "2023-10-31T13:56:16.313Z",
        "dateUpdated": "2024-09-05T20:52:05.695Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5880 (GCVE-0-2023-5880)

    Vulnerability from cvelistv5 – Published: 2024-01-03 19:16 – Updated: 2024-08-27 15:30
    VLAI
    Title
    Cross-site Scripting (XSS) injected into Aladdin Connect garage door opener (Retrofit-Kit) configuration setup webserver console via broadcast SSID name
    Summary
    When the Genie Company Aladdin Connect garage door opener (Retrofit-Kit Model ALDCM) is placed into configuration mode the web servers “Garage Door Control Module Setup” page is vulnerable to XSS via a broadcast SSID name containing malicious code with client side Java Script and/or HTML. This allows the attacker to inject malicious code with client side Java Script and/or HTML into the users' web browser. 
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    The Genie Company Aladdin Connect (Retrofit-Kit) Affected: 0 , ≤ <=14.1.1 (semver)
    Create a notification for this product.
    geniecompany aladdin_connect Affected: 0 , ≤ 14.1.1 (semver)
        cpe:2.3:a:geniecompany:aladdin_connect:*:*:*:*:*:android:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:14:24.315Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.rapid7.com/blog/post/2024/01/03/genie-aladdin-connect-retrofit-garage-door-opener-multiple-vulnerabilities/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:geniecompany:aladdin_connect:*:*:*:*:*:android:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "aladdin_connect",
                "vendor": "geniecompany",
                "versions": [
                  {
                    "lessThanOrEqual": "14.1.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5880",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-27T15:14:25.214790Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-27T15:30:42.784Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "RTOS"
              ],
              "product": "Aladdin Connect (Retrofit-Kit)",
              "vendor": "The Genie Company",
              "versions": [
                {
                  "lessThanOrEqual": "\u003c=14.1.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cbr\u003e\u003cb\u003eWhen the Genie Company Aladdin Connect garage door opener (Retrofit-Kit Model ALDCM) is placed into configuration mode the web servers \u201cGarage Door Control Module Setup\u201d page is vulnerable to XSS via a broadcast SSID name containing malicious code with client side Java Script and/or HTML. This allows the attacker to inject malicious\u0026nbsp;code with client side Java Script and/or HTML into the users\u0027 web browser.\u0026nbsp;\u003c/b\u003e\u003cbr\u003e"
                }
              ],
              "value": "When the Genie Company Aladdin Connect garage door opener (Retrofit-Kit Model ALDCM) is placed into configuration mode the web servers \u201cGarage Door Control Module Setup\u201d page is vulnerable to XSS via a broadcast SSID name containing malicious code with client side Java Script and/or HTML. This allows the attacker to inject malicious\u00a0code with client side Java Script and/or HTML into the users\u0027 web browser.\u00a0\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-63",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63 Cross-Site Scripting (XSS)"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-03T19:16:44.618Z",
            "orgId": "9974b330-7714-4307-a722-5648477acda7",
            "shortName": "rapid7"
          },
          "references": [
            {
              "url": "https://www.rapid7.com/blog/post/2024/01/03/genie-aladdin-connect-retrofit-garage-door-opener-multiple-vulnerabilities/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Cross-site Scripting (XSS) injected into Aladdin Connect garage door opener (Retrofit-Kit) configuration setup webserver console via broadcast SSID name",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
        "assignerShortName": "rapid7",
        "cveId": "CVE-2023-5880",
        "datePublished": "2024-01-03T19:16:44.618Z",
        "dateReserved": "2023-10-31T13:56:12.783Z",
        "dateUpdated": "2024-08-27T15:30:42.784Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5879 (GCVE-0-2023-5879)

    Vulnerability from cvelistv5 – Published: 2024-01-03 19:15 – Updated: 2025-06-17 19:39
    VLAI
    Title
    Aladdin Connect Android Application Insecure Storage
    Summary
    Users’ product account authentication data was stored in clear text in The Genie Company Aladdin Connect Mobile Application Version 5.65 Build 2075 (and below) on Android Devices. This allows the attacker, with access to the android device, to potentially retrieve users' clear text authentication credentials.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-922 - Insecure Storage of Sensitive Information
    Assigner
    Impacted products
    Vendor Product Version
    The Genie Company Aladdin Connect Mobile Application Affected: 0 , ≤ <=5.65 Build 2075 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:14:24.813Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.rapid7.com/blog/post/2024/01/03/genie-aladdin-connect-retrofit-garage-door-opener-multiple-vulnerabilities/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "PHYSICAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.8,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5879",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-17T19:38:42.294356Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-17T19:39:08.880Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Android"
              ],
              "product": "Aladdin Connect Mobile Application",
              "vendor": "The Genie Company",
              "versions": [
                {
                  "lessThanOrEqual": "\u003c=5.65 Build 2075",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cbr\u003e\u003cb\u003eUsers\u2019 product account authentication data was stored in clear text in The Genie Company Aladdin Connect Mobile Application Version 5.65 Build 2075 (and below) on Android Devices. This allows the attacker, with access to the android device, to potentially retrieve users\u0027 clear text authentication credentials.\u003c/b\u003e\u003cbr\u003e"
                }
              ],
              "value": "Users\u2019 product account authentication data was stored in clear text in The Genie Company Aladdin Connect Mobile Application Version 5.65 Build 2075 (and below) on Android Devices. This allows the attacker, with access to the android device, to potentially retrieve users\u0027 clear text authentication credentials.\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-37",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-37 Retrieve Embedded Sensitive Data"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-922",
                  "description": "CWE-922 Insecure Storage of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-03T19:16:06.190Z",
            "orgId": "9974b330-7714-4307-a722-5648477acda7",
            "shortName": "rapid7"
          },
          "references": [
            {
              "url": "https://www.rapid7.com/blog/post/2024/01/03/genie-aladdin-connect-retrofit-garage-door-opener-multiple-vulnerabilities/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Aladdin Connect Android Application Insecure Storage",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
        "assignerShortName": "rapid7",
        "cveId": "CVE-2023-5879",
        "datePublished": "2024-01-03T19:15:59.436Z",
        "dateReserved": "2023-10-31T13:34:45.000Z",
        "dateUpdated": "2025-06-17T19:39:08.880Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }