CVE-2020-12702 Information

Description

Weak encryption in the Quick Pairing mode in the eWeLink mobile application (Android application V4.9.2 and earlier, iOS application V4.9.1 and earlier) allows physically proximate attackers to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring the Wi-Fi spectrum during the pairing process.

CVSS Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

https://dl.acm.org/doi/abs/10.1145/3411498.3419965

https://www.youtube.com/watch?v=DghYH7WY6iE&feature=youtu.be

https://github.com/salgio/ESPTouchCatcher

https://play.google.com/store/apps/details?id=com.coolkit&hl=en_US

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

Base Score

4.6

Base Severity

MEDIUM
