| ID |
CVE-2025-6521
|
| Sažetak |
During the initial setup of the device the user connects to an access
point broadcast by the Sight Bulb Pro. During the negotiation, AES
Encryption keys are passed in cleartext. If captured, an attacker may be
able to decrypt communications between the management app and the Sight
Bulb Pro which may include sensitive information such as network
credentials. |
| Reference |
|
| CVSS |
| Base: | 7.6 |
| Impact: | 5.8 |
| Exploitability: | 1.2 |
|
| Pristup |
| Vektor | Složenost | Autentikacija |
| ADJACENT_NETWORK |
LOW |
HIGH |
|
| Impact |
| Povjerljivost | Cjelovitost | Dostupnost |
| HIGH |
HIGH |
NONE |
|
| CVSS vektor |
CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N |
| Zadnje važnije ažuriranje |
27-06-2025 - 17:15 |
| Objavljeno |
27-06-2025 - 17:15 |
