Vulnerability Details CVE-2021-27952
Hardcoded default root credentials exist on the ecobee3 lite 4.5.81.200 device. This allows a threat actor to gain access to the password-protected bootloader environment through the serial console.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 57.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 5.0
References
Products affected by CVE-2021-27952
-
cpe:2.3:h:ecobee:ecobee3_lite:-
-
cpe:2.3:o:ecobee:ecobee3_lite_firmware:4.5.81.200