An issue was discovered in all Athom Homey and Homey Pro devices up to the current version 4.2.0. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup. Upon success, the attacker is able to further infiltrate the target's Wi-Fi networks.
References
Link | Resource |
---|---|
https://developer.athom.com/firmware | Release Notes Vendor Advisory |
https://developer.athom.com/firmware | Release Notes Vendor Advisory |
Configurations
History
21 Nov 2024, 05:40
Type | Values Removed | Values Added |
---|---|---|
References | () https://developer.athom.com/firmware - Release Notes, Vendor Advisory |
Information
Published : 2020-06-04 16:15
Updated : 2024-11-21 05:40
NVD link : CVE-2020-9462
Mitre link : CVE-2020-9462
CVE.ORG link : CVE-2020-9462
JSON object : View
Products Affected
homey
- homey
- homey_pro
- homey_firmware
- homey_pro_firmware
CWE
CWE-312
Cleartext Storage of Sensitive Information