CVE-2023-31240 HIGH

Vendor Snap One
Product OvrC Cloud
Weakness CWE-1391
Published May 22, 2023
Last update January 16, 2025

CVSS base score

8.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

What the vulnerability does

01 Description

Snap One OvrC Pro versions prior to 7.2 have their own locally running web server accessible both from the local network and remotely. OvrC cloud contains a hidden superuser account accessible through hard-coded credentials.

Key dates

02 Disclosure timeline

May 22, 2023 CVE published
January 16, 2025 Record updated