An issue was discovered in all Athom Homey and Homey Pro devices up to the current version 4.2.0. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup. Upon success, the attacker is able to further infiltrate the target's Wi-Fi networks.
References
Link | Resource |
---|---|
https://developer.athom.com/firmware | Release Notes Vendor Advisory |
Configurations
History
No history.
Information
Published : 2020-06-04 16:15
Updated : 2024-02-28 17:47
NVD link : CVE-2020-9462
Mitre link : CVE-2020-9462
CVE.ORG link : CVE-2020-9462
JSON object : View
Products Affected
homey
- homey_firmware
- homey
- homey_pro_firmware
- homey_pro
CWE
CWE-312
Cleartext Storage of Sensitive Information