CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-20100

An issue was discovered on August Connect devices. Insecure data transfer between the August app and August Connect during configuration allows attackers to discover home Wi-Fi credentials. This data transfer uses an unencrypted access point for these credentials, and passes them in an HTTP POST, using the AugustWifiDevice class, with data encrypted with a fixed key found obfuscated in the app.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 37.7%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 5.0

References

https://dojo.bullguard.com/dojo-by-bullguard/blog/august-connect/
https://dojo.bullguard.com/dojo-by-bullguard/blog/august-connect/

Products affected by CVE-2018-20100

August » August Connect » Version: N/A

cpe:2.3:a:august:august_connect:-
August » August Connect » Version: N/A

cpe:2.3:h:august:august_connect:-
August » August Connect Firmware » Version: N/A

cpe:2.3:o:august:august_connect_firmware:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-20100

Products

Pricing

Contact Us