Owllabs: >> Meeting Owl Pro Firmware >> 5.2.0.15 Security Vulnerabilities
Owl Labs Meeting Owl 5.2.0.15 allows attackers to retrieve the passcode hash via a certain c 10 value over Bluetooth.
CVSS Score
7.4
EPSS Score
0.001
Published
2022-06-02
Owl Labs Meeting Owl 5.2.0.15 allows attackers to activate Tethering Mode with hard-coded hoothoot credentials via a certain c 150 value.
CVSS Score
7.4
EPSS Score
0.048
Published
2022-06-02
Owl Labs Meeting Owl 5.2.0.15 allows attackers to deactivate the passcode protection mechanism via a certain c 11 message.
CVSS Score
7.4
EPSS Score
0.001
Published
2022-06-02
Owl Labs Meeting Owl 5.2.0.15 allows attackers to control the device via a backdoor password (derived from the serial number) that can be found in Bluetooth broadcast data.
CVSS Score
9.3
EPSS Score
0.001
Published
2022-06-02
Owl Labs Meeting Owl 5.2.0.15 does not require a password for Bluetooth commands, because only client-side authentication is used.
CVSS Score
8.2
EPSS Score
0.002
Published
2022-06-02