Vulnerability Details CVE-2018-6402
Ecobee Ecobee4 4.2.0.171 devices can be forced to deauthenticate and connect to an unencrypted Wi-Fi network with the same SSID, even if the device settings specify use of encryption such as WPA2, as long as the competing network has a stronger signal. An attacker must be able to set up a nearby SSID, similar to an "Evil Twin" attack.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 19.8%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 2.9
References
Products affected by CVE-2018-6402
-
cpe:2.3:h:ecobee:ecobee4:-
-
cpe:2.3:o:ecobee:ecobee4_firmware:4.2.0.171