Описание
An issue was discovered in all Athom Homey and Homey Pro devices up to the current version 4.2.0. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup. Upon success, the attacker is able to further infiltrate the target's Wi-Fi networks.
Ссылки
- Release NotesVendor Advisory
- Release NotesVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.2.0 (исключая)
Одновременно
cpe:2.3:o:homey:homey_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:homey:homey:-:*:*:*:*:*:*:*
Конфигурация 2Версия до 4.2.0 (исключая)
Одновременно
cpe:2.3:o:homey:homey_pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:homey:homey_pro:-:*:*:*:*:*:*:*
EPSS
Процентиль: 10%
0.00035
Низкий
4.3 Medium
CVSS3
3.3 Low
CVSS2
Дефекты
CWE-312
Связанные уязвимости
github
больше 3 лет назад
An issue was discovered in all Athom Homey and Homey Pro devices up to the current version 4.2.0. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup. Upon success, the attacker is able to further infiltrate the target's Wi-Fi networks.
EPSS
Процентиль: 10%
0.00035
Низкий
4.3 Medium
CVSS3
3.3 Low
CVSS2
Дефекты
CWE-312