External risk intelligence

Inohom Nova Panel Authentication Bypass Vulnerability

CVE advisory

Severity: CRITICAL (CVSS 9.9)

CVE-2024-6684

An authentication bypass vulnerability has been identified in an electronic control panel. This could allow unauthorized access to systems, potentially exposing data or disrupting operations. The vendor has indicated the product is no longer supported, increasing business risk. Organizations should identify affected as

4

Halo Surface Signal

Authentication Bypass

External exposure likelihood

Halo Surface Signal score for CVE-2024-6684

The affected product is a smart home or automation panel. Such devices are commonly deployed as network-accessible management interfaces, often intended for remote monitoring and control, which frequently leads to their exposure on local and wide-area networks.

PCI scan relevance

PCI Relevance for CVE-2024-6684

Yes

CVE-2024-6684 — Halo PCI Relevance: Yes. Under typical PCI ASV external scan criteria, this issue may be flagged for scan prioritization.

This vulnerability in the inohom Nova Panel N7 allows an attacker to bypass authentication, which could lead to a PCI scan failure.

Scan-prioritization guidance only—not a PCI DSS certification or ASV attestation.

Horizon Alert

Summary of the vulnerability and why it matters

This vulnerability affects a specific electronic control panel. The flaw permits unauthorized access to the system. This could potentially expose sensitive information or allow for the disruption of connected operations, impacting organizational security and continuity.

  • Affected electronic control panel
  • Allows unauthorized system access
  • Potential data exposure and operational disruption

Attack Path

How an attacker could exploit the issue

An attacker can bypass authentication by exploiting an alternate path or channel. This vulnerability allows unauthorized access to the affected system. The system's administrative functions could then be compromised, leading to potential manipulation of connected devices or data.

  • Publicly accessible system.
  • Attacker bypasses authentication.
  • Attacker gains administrative control.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability allows for authentication bypass on the inohom Nova Panel N7. The issue impacts systems through version 1.9.9.6. Notably, the vendor has indicated that the product is no longer supported, which could complicate remediation efforts. The potential business risk is considered high due to the critical severity score.

  • Likely attacker skill level: Low
  • Required access or conditions: Network access
  • Business risk or urgency: High

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

A critical vulnerability has been identified that permits authentication bypass through an alternate path or channel in the GST Electronics inohom Nova Panel N7. This could allow unauthorized access to systems. The vendor has indicated that the product is not supported.

  • Identify inohom Nova Panel N7 assets.
  • Reduce exposure or isolate affected devices.
  • Address vendor guidance and monitor activity.
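The identify-and-isolate steps above, as an added example that is not part of the original advisory or any vendor tooling: it filters a constructed asset-inventory export for Nova Panel N7 devices at or below firmware 1.9.9.6 and ranks them by whether the management address falls outside RFC 1918 space. The CSV columns, hostnames, addresses, and action labels are assumptions; entries with an unreadable firmware string are treated as affected until verified.

```python
import csv
import io
import ipaddress

AFFECTED_PRODUCT = "nova panel n7"
LAST_AFFECTED = (1, 9, 9, 6)  # advisory: affected "through version 1.9.9.6"
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample inventory export; columns and rows are assumptions.
SAMPLE_INVENTORY = """\
hostname,product,firmware,mgmt_ip
lobby-panel,inohom Nova Panel N7,1.9.9.6,203.0.113.20
floor2-panel,Inohom NOVA Panel N7,1.8.2,10.20.0.15
lab-panel,inohom Nova Panel N7,2.0.0.0,10.20.0.16
annex-panel,inohom Nova Panel N7,unknown,198.51.100.7
hvac-ctrl,Other Vendor Controller,1.0.0,10.20.0.30
"""

def parse_version(text):
    """Return the dotted version as a tuple of ints, or None if unparseable."""
    try:
        return tuple(int(part) for part in text.strip().split("."))
    except ValueError:
        return None

def is_affected(firmware):
    """True if firmware is at or below LAST_AFFECTED, or cannot be parsed."""
    version = parse_version(firmware)
    if version is None:
        return True  # unknown firmware: assume affected until verified
    width = max(len(version), len(LAST_AFFECTED))
    padded = version + (0,) * (width - len(version))
    limit = LAST_AFFECTED + (0,) * (width - len(LAST_AFFECTED))
    return padded <= limit

def triage(inventory_csv):
    """Return (hostname, action) for each affected panel, external ones first."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if AFFECTED_PRODUCT not in row["product"].lower() or not is_affected(row["firmware"]):
            continue
        addr = ipaddress.ip_address(row["mgmt_ip"])
        internal = any(addr in net for net in INTERNAL_NETS)
        action = "isolate-internal" if internal else "remove-external-exposure"
        findings.append((row["hostname"], action))
    return sorted(findings, key=lambda f: f[1] != "remove-external-exposure")

if __name__ == "__main__":
    for host, action in triage(SAMPLE_INVENTORY):
        print(f"{host}: {action}")
```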

Frequently asked questions

What is the inohom Nova Panel N7 and what is it used for?

The inohom Nova Panel N7 is an electronic control panel used in smart home or automation systems. These panels typically serve as a central interface for managing and monitoring connected devices and operations within a home or facility.

How does CVE-2024-6684 bypass authentication?

CVE-2024-6684 is an Authentication Bypass Using an Alternate Path or Channel vulnerability. This means an attacker can gain access to the system without proper authentication by using an unintended method or route, bypassing the normal security checks.

What are the preconditions for an attacker to exploit CVE-2024-6684?

An attacker needs network access to exploit this vulnerability. The vulnerability is triggered through an alternate path or channel, suggesting that normal authentication methods are not necessarily required to initiate the bypass.

Who should be concerned about the inohom Nova Panel N7 vulnerability?

Organizations with internet-facing inohom Nova Panel N7 devices should be particularly concerned. Halo Surface Signal indicates that devices like this are commonly deployed as network-accessible management interfaces, increasing their potential exposure.

What should I do if I have an inohom Nova Panel N7?

First, identify all inohom Nova Panel N7 assets within your environment. Consider reducing their network exposure or isolating them if possible. You should also monitor for any vendor guidance, though the vendor has indicated the product is not supported.

References