CVE-2020-9462

{"id": "CVE-2020-9462", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.3, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2020-06-04T16:15:13.280", "references": [{"url": "https://developer.athom.com/firmware", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-312"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in all Athom Homey and Homey Pro devices up to the current version 4.2.0. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup. Upon success, the attacker is able to further infiltrate the target's Wi-Fi networks."}, {"lang": "es", "value": "Se detect\u00f3 un problema en todos los dispositivos Athom Homey y Homey Pro hasta la actual versi\u00f3n 4.2.0. Un atacante dentro del rango de RF puede obtener una copia en texto sin cifrar de la configuraci\u00f3n de la red del dispositivo, incluyendo el PSK Wi-Fi, durante la configuraci\u00f3n del dispositivo. Tras el \u00e9xito, el atacante es capaz de infiltrarse a\u00fan m\u00e1s en las redes Wi-Fi del objetivo"}], "lastModified": "2020-06-10T13:58:06.437", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:homey:homey_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38804188-0945-41FF-A377-6485F2A9FAF6", "versionEndExcluding": "4.2.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:homey:homey:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "53273CFA-B260-401D-9DD6-B90E3DA09D7D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:homey:homey_pro_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E22F8E86-CF2C-4FBC-B403-8B385971A289", "versionEndExcluding": "4.2.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:homey:homey_pro:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C01177C9-CED9-4D65-BEBB-C44C13C8A0A6"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}