This page lists publicly disclosed CVE vulnerabilities affecting shelly trv_firmware (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-42144 | Cleartext Transmission during initial setup in Shelly TRV 20220811-15234 v.2.1.8 allows a local attacker to obtain the Wi-Fi password. | [email protected] | 5.5 | 0.11% | 2024-01-23 | 2026-06-17 |
| CVE-2023-42143 | Missing Integrity Check in Shelly TRV 20220811-152343/v2.1.8@5afc928c allows malicious users to create a backdoor by redirecting the device to an attacker-controlled machine which serves the manipulated firmware file. The device is updated with the manipulated firmware. | [email protected] | 5.4 | 0.15% | 2024-01-23 | 2026-06-17 |