Tec4Data released new firmware to fix a missing-authentication-for-critical-function vulnerability in its SmartCooler, according to a report with NCCIC.
Successful exploitation of this vulnerability, discovered by Ankit Anubhav of NewSky Security, could cause the device to shut down.
All versions of SmartCooler, a cooling appliance, prior to firmware 180806 suffer from the remotely exploitable vulnerability.
The device responds to a remote unauthenticated reboot command, which may be used to perform a denial-of-service attack.
CVE-2018-14796 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.
The product sees use mainly in the commercial facilities sector and on a global basis.
No known public exploits specifically target this vulnerability. However, an attacker with a low skill level could leverage the vulnerability.
Austria-based Tec4Data released new firmware to address the vulnerability and has distributed the new firmware to affected devices.