Advisory

Claroty Team82 reports multiple vulnerabilities in OvrC Cloud, one critical

Take action: Updates to the OvrC platform are apparently delivered automatically, so no action should be needed. Still, confirm your cloud version is current and review any vendor advisories for other issues.


Learn More

Team82 discovered multiple vulnerabilities in the OvrC cloud platform, a remote management and monitoring solution used for IoT devices.

The vulnerabilities, when chained together, allow attackers to execute code remotely on OvrC cloud-connected devices, take control of approximately 10 million connected devices, bypass perimeter security measures, enumerate and profile devices, hijack devices from legitimate users, and run arbitrary code on compromised systems.

Vulnerabilities summary:

  • CVE-2024-50381 (CVSS score 9.1) - Authentication bypass allowing attackers to impersonate Hub devices and unclaim connected devices using only MAC addresses
  • CVE-2023-28649 (CVSS score 8.6) - Input validation vulnerability enabling attackers to claim already-claimed devices through Hub impersonation
  • CVE-2023-31241 (CVSS score 8.6) - Access control bypass allowing unauthorized device claiming
  • CVE-2023-28386 (CVSS score 8.6) - Insufficient firmware update validation
  • CVE-2023-31240 (CVSS score 8.3) - Hard-coded superuser credentials in Hub devices
  • CVE-2023-25183 (CVSS score 8.3) - Hidden functionality enabling arbitrary command execution
  • CVE-2023-31193 (CVSS score 7.5) - Cleartext transmission of sensitive information
  • CVE-2024-50380 (CVSS score 7.5) - Authentication bypass through MAC address spoofing
  • CVE-2023-31245 (CVSS score 7.1) - URL redirection vulnerability
  • CVE-2023-28412 (CVSS score 5.3) - Information disclosure through MAC address enumeration

Affected Systems

  • OvrC Pro versions prior to 7.3
  • OvrC Connect mobile app
  • Various OvrC-enabled devices, including:
    • Smart electrical power supplies
    • Security cameras
    • Routers
    • Home automation systems
    • Network-connected printers
    • Smart electrical switches

Remediation: SnapOne addressed eight of the vulnerabilities in May 2023 through an automatic update, announced in ICSA-23-136-01; the remaining two vulnerabilities were patched in a subsequent update.
