Описание
Ecobee Ecobee4 4.2.0.171 devices can be forced to deauthenticate and connect to an unencrypted Wi-Fi network with the same SSID, even if the device settings specify use of encryption such as WPA2, as long as the competing network has a stronger signal. An attacker must be able to set up a nearby SSID, similar to an "Evil Twin" attack.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:ecobee:ecobee4_firmware:4.2.0.171:*:*:*:*:*:*:*
cpe:2.3:h:ecobee:ecobee4:-:*:*:*:*:*:*:*
EPSS
Процентиль: 20%
0.00063
Низкий
7.5 High
CVSS3
2.9 Low
CVSS2
Дефекты
CWE-327
Связанные уязвимости
github
больше 3 лет назад
Ecobee Ecobee4 4.2.0.171 devices can be forced to deauthenticate and connect to an unencrypted Wi-Fi network with the same SSID, even if the device settings specify use of encryption such as WPA2, as long as the competing network has a stronger signal. An attacker must be able to set up a nearby SSID, similar to an "Evil Twin" attack.
EPSS
Процентиль: 20%
0.00063
Низкий
7.5 High
CVSS3
2.9 Low
CVSS2
Дефекты
CWE-327