CVE-2022-31462

Sažetak

Owl Labs Meeting Owl 5.2.0.15 allows attackers to control the device via a backdoor password (derived from the serial number) that can be found in Bluetooth broadcast data.

Reference

https://www.modzero.com/static/meetingowl/Meeting_Owl_Pro_Security_Disclosure_Report_RELEASE.pdf
https://arstechnica.com/information-technology/2022/06/vulnerabilities-in-meeting-owl-videoconference-device-imperil-100k-users/
https://resources.owllabs.com/blog/owl-labs-update

CVSS

Base:	5.4
Impact:	6.4
Exploitability:	5.5

Pristup

Vektor	Složenost	Autentikacija
ADJACENT_NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:A/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

08-07-2022 - 16:47

Objavljeno

02-06-2022 - 22:15