The ESL (Electronic Shelf Label) protocol, as implemented...
Moderate severity
Unreviewed
Published
Nov 27, 2022
to the GitHub Advisory Database
•
Updated Feb 25, 2023
Description
Published by the National Vulnerability Database
Nov 27, 2022
Published to the GitHub Advisory Database
Nov 27, 2022
Last updated
Feb 25, 2023
The ESL (Electronic Shelf Label) protocol, as implemented by (for example) the OV80e934802 RF transceiver on the ETAG-2130-V4.3 20190629 board, does not use authentication, which allows attackers to change label values via 433 MHz RF signals, as demonstrated by disrupting the organization of a hospital storage unit, or changing retail #.
References