CVE-2023-31193

7.5 HIGH

📋 TL;DR

Snap One OvrC Pro devices running versions prior to 7.3 download programs over unencrypted HTTP instead of HTTPS, which exposes those downloads to man-in-the-middle attacks. An attacker on the network path could potentially intercept and modify software updates.

💻 Affected Systems

Products:
  • Snap One OvrC Pro
Versions: All versions prior to 7.3
Operating Systems: Embedded/Linux-based
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable as the HTTP connection is hardcoded in the update mechanism.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could intercept program downloads and replace them with malicious code, gaining full control of OvrC Pro devices and potentially compromising connected smart home/industrial systems.

🟠 Likely Case

Man-in-the-middle attackers could intercept and modify program downloads, leading to unauthorized code execution on OvrC Pro devices.

🟢 If Mitigated

With proper network segmentation and monitoring, impact is limited to potential service disruption or unauthorized access to the OvrC Pro device itself.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires a man-in-the-middle position on the network path between the OvrC Pro device and the update servers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.3

Vendor Advisory: https://www.control4.com/docs/product/ovrc-software/release-notes/english/latest/ovrc-software-release-notes-rev-p.pdf

Restart Required: Yes

Instructions:

1. Log into OvrC Pro web interface.
2. Navigate to System > Software Update.
3. Check for and install version 7.3 or later.
4. Reboot device after installation completes.

🔧 Temporary Workarounds

Network Segmentation (all platforms)

Isolate OvrC Pro devices on separate VLANs with strict egress filtering to prevent man-in-the-middle attacks.

Outbound Firewall Rules (all platforms)

Block all outbound HTTP traffic from OvrC Pro devices, forcing them to fail closed rather than use insecure connections.

🧯 If You Can't Patch

  • Segment OvrC Pro devices on isolated network segments with no internet access
  • Implement network monitoring for HTTP traffic from OvrC Pro devices to detect potential exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check OvrC Pro web interface > System > About for software version. If version is below 7.3, device is vulnerable.

Check Version:

curl -s http://[ovrc-ip]/api/v1/system/info | grep version

Verify Fix Applied:

After updating, verify version is 7.3 or higher in System > About. Monitor network traffic to confirm HTTPS connections to update servers.

📡 Detection & Monitoring

Log Indicators:

  • HTTP connections to update servers (instead of HTTPS)
  • Failed update attempts after blocking HTTP

Network Indicators:

  • HTTP traffic to Snap One/Control4 update servers from OvrC Pro devices
  • Unencrypted program downloads

SIEM Query:

source_ip=[ovrc-device-ip] AND dest_port=80 AND (dest_host contains 'control4.com' OR dest_host contains 'snapone.com')
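
The indicators above can also be checked offline against exported flow or proxy logs. The following is an added example, not vendor or advisory code: the log format, the subnet `10.20.0.0/24` and the hostnames in the sample are constructed assumptions, and only the two vendor domains come from this page. It matches domains on a label boundary, which avoids the false positives a plain "contains" match produces.

```python
import csv
import ipaddress

# Vendor domains taken from the SIEM query on this page.
VENDOR_DOMAINS = ("control4.com", "snapone.com")

# Constructed sample flow log (assumed columns, not a real product's format):
# time, src_ip, dest_host, dest_port, action
SAMPLE_LOG = """\
2024-01-10T02:00:01Z,10.20.0.15,update.control4.com,80,allow
2024-01-10T02:00:04Z,10.20.0.15,update.control4.com,443,allow
2024-01-10T02:05:00Z,10.20.0.16,files.snapone.com,80,deny
2024-01-10T02:06:00Z,10.30.0.9,update.control4.com,80,allow
2024-01-10T02:07:00Z,10.20.0.15,notcontrol4.com,80,allow
"""


def is_vendor_host(host):
    """Match on a label boundary so 'notcontrol4.com' is not a vendor host."""
    host = host.strip().lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in VENDOR_DOMAINS)


def find_cleartext_update_traffic(log_text, ovrc_subnet):
    """Return (time, src_ip, dest_host, finding) for port-80 vendor traffic."""
    subnet = ipaddress.ip_network(ovrc_subnet)
    findings = []
    for row in csv.reader(log_text.splitlines()):
        if len(row) != 5:
            continue  # skip malformed lines
        ts, src, host, port, action = (f.strip() for f in row)
        try:
            from_ovrc = ipaddress.ip_address(src) in subnet
        except ValueError:
            continue  # source field is not an IP address
        if not from_ovrc or port != "80" or not is_vendor_host(host):
            continue
        # Allowed flow: a cleartext download took place. Denied flow: the
        # outbound-HTTP block is working and the device still tried HTTP.
        finding = "cleartext_download" if action == "allow" else "blocked_http_attempt"
        findings.append((ts, src, host, finding))
    return findings


if __name__ == "__main__":
    for f in find_cleartext_update_traffic(SAMPLE_LOG, "10.20.0.0/24"):
        print(*f)
```

A `blocked_http_attempt` finding on a device that should already be on 7.3 is worth following up, since the page states patched devices use HTTPS for update traffic.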
