CVE-2020-12702

Sažetak

Weak encryption in the Quick Pairing mode in the eWeLink mobile application (Android application V4.9.2 and earlier, iOS application V4.9.1 and earlier) allows physically proximate attackers to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring the Wi-Fi spectrum during the pairing process.

Reference

https://dl.acm.org/doi/abs/10.1145/3411498.3419965
https://www.youtube.com/watch?v=DghYH7WY6iE&feature=youtu.be
https://github.com/salgio/ESPTouchCatcher
https://play.google.com/store/apps/details?id=com.coolkit&hl=en_US

CVSS

Base:	2.1
Impact:	2.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:L/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

21-07-2021 - 11:39

Objavljeno

24-02-2021 - 14:15