CVE-2023-1748
📋 TL;DR
Nexx Smart Home devices contain hard-coded credentials that allow unauthenticated attackers to access MQTT servers and remotely control garage doors and smart plugs. This affects customers using vulnerable Nexx Home mobile applications or firmware versions. Attackers can exploit this without authentication to manipulate connected devices.
💻 Affected Systems
- Nexx Smart Home devices including garage door controllers and smart plugs
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain complete remote control over all connected garage doors and smart plugs, potentially allowing physical intrusion, property damage, or electrical hazards by manipulating smart plugs.
Likely Case
Unauthorized users remotely open/close garage doors or toggle smart plugs, compromising home security and potentially causing electrical issues.
If Mitigated
With proper network segmentation and access controls, impact is limited to isolated smart home networks without affecting critical systems.
🎯 Exploit Status
Exploitation requires network access to the devices or to the mobile app; beyond that, no authentication bypass is needed, because the hard-coded credentials can simply be extracted from the app or firmware and reused.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not specified in advisory
Vendor Advisory: https://www.cisa.gov/news-events/ics-advisories/icsa-23-094-01
Restart Required: Yes
Instructions:
1. Contact Nexx support for firmware updates.
2. Update the Nexx Home mobile application.
3. Apply firmware updates to affected devices.
4. Restart devices after the update.
🔧 Temporary Workarounds
Network Segmentation
Isolate Nexx devices on a separate VLAN without internet access
Disable Remote Access
Disable cloud connectivity in device settings if possible
🧯 If You Can't Patch
- Physically disconnect devices from power when not in use
- Implement strict firewall rules blocking all inbound/outbound traffic to Nexx devices
🔍 How to Verify
Check if Vulnerable:
Check device firmware version against Nexx security bulletins; test for hard-coded credential presence in mobile app or firmware.
Check Version:
Check via Nexx Home mobile app settings or device web interface if available.
Verify Fix Applied:
Verify firmware version is updated; test that hard-coded credentials no longer provide access.
📡 Detection & Monitoring
Log Indicators:
- Unauthorized MQTT connections
- Unexpected garage door/smart plug state changes
- Failed authentication attempts using default credentials
Network Indicators:
- MQTT traffic to Nexx servers from unexpected sources
- Unusual command patterns to device endpoints
SIEM Query:
source="nexx_device" AND (event="door_state_change" OR event="plug_toggle") AND user="default"
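The detection logic above, turned into a small checker as an added example (not part of the advisory or of Nexx's tooling). It assumes a constructed broker log format, a hypothetical shared account name `nexx_default`, a trusted-source list and `nexx/<garage|plug>/<id>/cmd` command topics; none of these are real Nexx values.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed log format (assumption, not Nexx's real broker format):
# "<ts> mqtt <conn|pub> user=<u> src=<ip> [topic=<t> payload=<p>]"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) mqtt (?P<ev>conn|pub) user=(?P<user>\S+) src=(?P<src>\S+)"
    r"(?: topic=(?P<topic>\S+) payload=(?P<payload>\S+))?$"
)

# Hypothetical shared/hard-coded account and the only source expected to use it
# (e.g. the vendor cloud relay). Both values are assumptions for this example.
SHARED_USERS = {"nexx_default"}
TRUSTED_SOURCES = {"198.51.100.10"}
# Assumed topic layout for device command publishes.
CMD_TOPIC_RE = re.compile(r"^nexx/(garage|plug)/[^/]+/cmd$")


@dataclass
class Alert:
    ts: str
    rule: str
    src: str
    detail: str


def detect(lines: List[str]) -> List[Alert]:
    """Flag shared-credential logins and device commands from unknown sources."""
    alerts: List[Alert] = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unparseable line: skip rather than guess
        f = m.groupdict()
        untrusted = f["src"] not in TRUSTED_SOURCES
        if f["user"] in SHARED_USERS and untrusted:
            alerts.append(Alert(f["ts"], "shared-credential-from-unknown-source", f["src"], f["user"]))
        topic: Optional[str] = f["topic"]
        if f["ev"] == "pub" and topic and CMD_TOPIC_RE.match(topic) and untrusted:
            alerts.append(Alert(f["ts"], "device-command-from-unknown-source", f["src"], f"{topic}={f['payload']}"))
    return alerts


# Constructed sample log: trusted relay traffic, then an unknown host reusing the shared account.
SAMPLE_LOG = [
    "2023-04-04T10:00:00Z mqtt conn user=nexx_default src=198.51.100.10",
    "2023-04-04T10:00:05Z mqtt pub user=nexx_default src=198.51.100.10 topic=nexx/garage/dev1/status payload=closed",
    "2023-04-04T10:02:00Z mqtt conn user=nexx_default src=203.0.113.7",
    "2023-04-04T10:02:03Z mqtt pub user=nexx_default src=203.0.113.7 topic=nexx/garage/dev1/cmd payload=open",
    "2023-04-04T10:03:00Z mqtt pub user=homeowner src=203.0.113.9 topic=nexx/plug/dev2/status payload=on",
]

if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(a.ts, a.rule, a.src, a.detail)
```

Status publishes and traffic from the trusted relay produce nothing; the unknown host reusing the shared account yields a credential alert on connect and both a credential and a command alert on the `cmd` publish.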