Vulnerability Details CVE-2021-27953
A NULL pointer dereference vulnerability exists on the ecobee3 lite 4.5.81.200 device in the HomeKit Wireless Access Control setup process. A threat actor can exploit this vulnerability to cause a denial of service, forcing the device to reboot via a crafted HTTP request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.013
EPSS Ranking 78.5%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 7.8
References
Products affected by CVE-2021-27953
-
cpe:2.3:h:ecobee:ecobee3_lite:-
-
cpe:2.3:o:ecobee:ecobee3_lite_firmware:4.5.81.200