How severe is CVE-2020-28713?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2020-28713?

This is classified as CWE-294, which is a common weakness in software security.

CVE-2020-28713 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

Incorrect access control in push notification service in Night Owl Smart Doorbell FW version 20190505 allows remote users to send push notification events via an exposed PNS server. A remote attacker can passively record push notification events which are sent over an insecure web request. The web service does not authenticate requests, and allows attackers to send an indefinite amount of motion or doorbell events to a user's mobile application by either replaying or deliberately crafting false events.

Related Vulnerabilities

CVE-2019-20626

MEDIUM

CVSS:6.5(Medium)

The remote keyless system on Honda HR-V 2017 vehicles sends the same RF signal for each door-open request, which might allow a replay attack.

CWE-2942019

CVE-2020-26172

MEDIUM

CVSS:6.5(Medium)

Every login in tangro Business Workflow before 1.18.1 generates the same JWT token, which allows an attacker to reuse the token when a session is active. The JWT token does not contain an expiration t...

CWE-2942020

CVE-2022-2226

MEDIUM

CVSS:6.5(Medium)

An OpenPGP digital signature includes information about the date when the signature was created. When displaying an email that contains a digital signature, the email's date will be shown. If the date...

CWE-2942022

CVE-2022-30466

MEDIUM

CVSS:6.5(Medium)

joyebike Joy ebike Wolf Manufacturing year 2022 is vulnerable to Authentication Bypass by Capture-replay.

CWE-2942022

CVE-2022-45914

MEDIUM

CVSS:6.5(Medium)

The ESL (Electronic Shelf Label) protocol, as implemented by (for example) the OV80e934802 RF transceiver on the ETAG-2130-V4.3 20190629 board, does not use authentication, which allows attackers to c...

CWE-2942022

CVE-2023-33281

MEDIUM

CVSS:6.5(Medium)

The remote keyfob system on Nissan Sylphy Classic 2021 sends the same RF signal for each door-open request, which allows for a replay attack. NOTE: the vendor's position is that this cannot be reprodu...

CWE-2942023