CVE-2019-15745 Information

Description

The Eques elf smart plug and the mobile app use a hardcoded AES 256 bit key to encrypt the commands and responses between the device and the app. The communication happens over UDP port 27431. An attacker on the local network can use the same key to encrypt and send commands to discover all smart plugs in a network take over control of a device and perform actions such as turning it on and off.

CVSS Vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://github.com/iamckn/eques https://www.ckn.io/blog/2019/08/27/exploiting-the-eques-elf-smart-plug-part-four/ https://www.ckn.io/blog/2019/08/27/exploiting-the-eques-elf-smart-plug-part-one/ https://www.ckn.io/blog/2019/08/27/exploiting-the-eques-elf-smart-plug-part-three/ https://www.ckn.io/blog/2019/08/27/exploiting-the-eques-elf-smart-plug-part-two/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.8