CVE-2024-7408

This vulnerability exists in Airveda Air Quality Monitor PM2.5 PM10 due to transmission of sensitive information in plain text during AP pairing mode. An attacker in close proximity could exploit this vulnerability by capturing Wi-Fi traffic of Airveda-AP. Successful exploitation of this vulnerability could allow the attacker to cause Evil Twin attack on the targeted system.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0233	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:airveda:pm2.5_pm10_monitor_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:airveda:pm2.5_pm10_monitor:-:*:*:*:*:*:*:*

History

13 Aug 2024, 16:06

Type	Values Removed	Values Added
References	~~() https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0233 -~~	() https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0233 - Third Party Advisory
First Time		Airveda pm2.5 Pm10 Monitor Firmware Airveda Airveda pm2.5 Pm10 Monitor
Summary		(es) Esta vulnerabilidad existe en Airveda Air Quality Monitor PM2.5 PM10 debido a la transmisión de información confidencial en texto plano durante el modo de emparejamiento AP. Un atacante que se encuentre cerca podría aprovechar esta vulnerabilidad capturando el tráfico Wi-Fi de Airveda-AP. La explotación exitosa de esta vulnerabilidad podría permitir al atacante provocar un ataque Evil Twin en el sistema objetivo.
CPE		cpe:2.3:h:airveda:pm2.5_pm10_monitor:-:::::::* cpe:2.3:o:airveda:pm2.5_pm10_monitor_firmware::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.5

12 Aug 2024, 13:41

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-12 13:38

Updated : 2024-08-13 16:06

NVD link : CVE-2024-7408

Mitre link : CVE-2024-7408

CVE.ORG link : CVE-2024-7408

JSON object : View

Products Affected

airveda

pm2.5_pm10_monitor
pm2.5_pm10_monitor_firmware

CWE

CWE-319

Cleartext Transmission of Sensitive Information

{"id": "CVE-2024-7408", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}], "cvssMetricV40": [{"type": "Secondary", "source": "vdisclose@cert-in.org.in", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 8.6, "automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "HIGH", "vulnerableSystemIntegrity": "NONE", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "HIGH", "vulnerableSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "HIGH", "vulnerableSystemConfidentiality": "HIGH", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-08-12T13:38:41.777", "references": [{"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0233", "tags": ["Third Party Advisory"], "source": "vdisclose@cert-in.org.in"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-319"}]}, {"type": "Secondary", "source": "vdisclose@cert-in.org.in", "description": [{"lang": "en", "value": "CWE-319"}]}], "descriptions": [{"lang": "en", "value": "This vulnerability exists in Airveda Air Quality Monitor PM2.5 PM10 due to transmission of sensitive information in plain text during AP pairing mode. An attacker in close proximity could exploit this vulnerability by capturing Wi-Fi traffic of Airveda-AP.\n\nSuccessful exploitation of this vulnerability could allow the attacker to cause Evil Twin attack on the targeted system."}, {"lang": "es", "value": "Esta vulnerabilidad existe en Airveda Air Quality Monitor PM2.5 PM10 debido a la transmisi\u00f3n de informaci\u00f3n confidencial en texto plano durante el modo de emparejamiento AP. Un atacante que se encuentre cerca podr\u00eda aprovechar esta vulnerabilidad capturando el tr\u00e1fico Wi-Fi de Airveda-AP. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir al atacante provocar un ataque Evil Twin en el sistema objetivo."}], "lastModified": "2024-08-13T16:06:08.213", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:airveda:pm2.5_pm10_monitor_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97E9A41C-8043-4A2F-8FDD-E61150D06813", "versionEndExcluding": "7.4.4.39"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:airveda:pm2.5_pm10_monitor:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0E792875-205F-4485-8FFA-30A5D1A376B0"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "vdisclose@cert-in.org.in"}