Vulnerability Details CVE-2022-31463
Owl Labs Meeting Owl 5.2.0.15 does not require a password for Bluetooth commands, because only client-side authentication is used.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.1%
CVSS Severity
CVSS v3 Score 8.2
CVSS v2 Score 4.3
References
- https://arstechnica.com/information-technology/2022/06/vulnerabilities-in-meeting-owl-videoconference-device-imperil-100k-users/
- https://resources.owllabs.com/blog/owl-labs-update
- https://www.modzero.com/static/meetingowl/Meeting_Owl_Pro_Security_Disclosure_Report_RELEASE.pdf
- https://arstechnica.com/information-technology/2022/06/vulnerabilities-in-meeting-owl-videoconference-device-imperil-100k-users/
- https://resources.owllabs.com/blog/owl-labs-update
- https://www.modzero.com/static/meetingowl/Meeting_Owl_Pro_Security_Disclosure_Report_RELEASE.pdf
Products affected by CVE-2022-31463
-
cpe:2.3:h:owllabs:meeting_owl_pro:-
-
cpe:2.3:o:owllabs:meeting_owl_pro_firmware:5.2.0.15