Описание
Evoko Home devices 1.31 through 1.37 allow remote attackers to obtain sensitive information (such as usernames and password hashes) via a WebSocket request, as demonstrated by the sockjs/224/uf1psgff/websocket URI at a wss:// URL.
Ссылки
- ExploitPermissions RequiredThird Party Advisory
- ExploitPermissions RequiredThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 1.31 (включая) до 1.37 (включая)
cpe:2.3:a:evoko:home:*:*:*:*:*:*:*:*
EPSS
Процентиль: 66%
0.00506
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
Evoko Home 1.31 devices allow remote attackers to obtain sensitive information (such as usernames and password hashes) via a WebSocket request, as demonstrated by the sockjs/224/uf1psgff/websocket URI at a wss:// URL.
EPSS
Процентиль: 66%
0.00506
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
NVD-CWE-noinfo