exploitDog

CVE-2021-27953

Опубликовано: 03 авг. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 7.8

EPSS Низкий

Описание

A NULL pointer dereference vulnerability exists on the ecobee3 lite 4.5.81.200 device in the HomeKit Wireless Access Control setup process. A threat actor can exploit this vulnerability to cause a denial of service, forcing the device to reboot via a crafted HTTP request.

Ссылки

https://www.l9group.com/advisories/remote-denial-of-service-of-ecobee3-lite
Exploit
Third Party Advisory
https://www.l9group.com/advisories/remote-denial-of-service-of-ecobee3-lite
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:ecobee:ecobee3_lite_firmware:4.5.81.200:*:*:*:*:*:*:*

cpe:2.3:h:ecobee:ecobee3_lite:-:*:*:*:*:*:*:*

EPSS

Процентиль: 79%

0.01258

Низкий

7.5 High

CVSS3

7.8 High

CVSS2

Дефекты

CWE-476

Связанные уязвимости

GHSA-xfww-6hgp-m5c5

github

больше 3 лет назад

A NULL pointer dereference vulnerability exists on the ecobee3 lite 4.5.81.200 device in the HomeKit Wireless Access Control setup process. A threat actor can exploit this vulnerability to cause a denial of service, forcing the device to reboot via a crafted HTTP request.

EPSS

Процентиль: 79%

0.01258

Низкий

7.5 High

CVSS3

7.8 High

CVSS2

Дефекты

CWE-476