Anyone Can Open Nexx Smart Garage Doors

Nexx smart garage doors
Written by Emma Davis

Multiple vulnerabilities have been discovered in Nexx smart garage doors that can be used to control this device, disable home alarms and smart plugs. The manufacturer has not yet recognized and fixed the bugs described by the researcher.

Let me remind you that we also wrote that Vulnerabilities in Google Home Smart Speakers Allowed Eavesdropp Users, and also that Bypassing the Lock Screen on Pixel Smartphones Netted a Researcher $70,000.

And there was also such a case that Avast expert taught Smarter Coffee machine to ransom money.

Numerous vulnerabilities were discovered at the end of 2022 by cybersecurity researcher Sam Sabetan. According to him, more than 40,000 smart devices located in both residential and commercial premises are affected by bugs. This week, the expert revealed the details of the vulnerabilities found, as he failed to contact the manufacturer and get the release of patches.

The US Infrastructure and Cybersecurity Agency (CISA) has already issued its own security bulletin, warning individuals and organizations using Nexx products about the vulnerabilities discovered by the researcher. CISA experts emphasize that problematic devices are used in commercial facilities around the world, but even they could not contact the manufacturer.

Nexx has not responded to any messages from me, DHS (CISA and US-CERT), or VICE Media Group. I have independently confirmed that Nexx is deliberately ignoring all of our attempts to help with a fix and allowing these critical issues to continue impacting customer devices.Sabetan states.

In total, the researcher found five vulnerabilities, most of which were assigned a “high” or “critical” danger rating. The bugs affect Nexx NXG-100B and NGX-200 garage door controllers running nxg200v-p3-4-1 or older, Nexx Smart Plug NXPG-100W running nxpg100cv4-0-0 and older, and Nexx Smart Alarm NXAL-100 with version nxal100v-p1-9-1 and older.

  1. CVE-2023-1748: Hardcoded credentials on listed devices that allow anyone to access the MQ telemetry server and remotely control any client devices (CVSS score of 9.3);
  2. CVE-2023-1749: Incorrect access control for API requests sent to valid device IDs (CVSS score of 6.5);
  3. CVE-2023-1750: Incorrect access control allowing attackers to gain access to the history of the device, information about it, and change settings (7.1 points on the CVSS scale);
  4. CVE-2023-1751: Invalid input validation that prevents the auth token from being matched to the device ID (CVSS score of 7.5);
  5. CVE-2023-1752: Incorrect authentication control allowing any user to register an already registered Nexx device using its MAC address (CVSS score of 8.1).

The most serious of these bugs is CVE-2023-1748. The bug is related to the fact that Nexx Cloud sets a universal password for all devices registered through the Nexx Home app for Android or iOS.

Nexx smart garage doors

This password is available both in the API communication and in the firmware that comes with the device, so an attacker can easily learn it and send commands to the device via MQTT.

Nexx smart garage doors

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

Leave a Reply