Vulnerability Details CVE-2020-7232
Evoko Home devices 1.31 through 1.37 allow remote attackers to obtain sensitive information (such as usernames and password hashes) via a WebSocket request, as demonstrated by the sockjs/224/uf1psgff/websocket URI at a wss:// URL.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 65.3%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References