Vulnerability Description
An issue was discovered in WiZ Colors A60 1.14.0. The device sends unnecessary information to the cloud controller server. Although this information is sent encrypted and has low risk in isolation, it decreases the privacy of the end user. The information sent includes the local IP address being used and the SSID of the Wi-Fi network the device is connected to. (Various resources such as wigle.net can be used for mapping of SSIDs to physical locations.)
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wizconnected | A60 Colors Firmware | 1.14.0 |
| Wizconnected | A60 Colors | - |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2024/Jul/14
- https://cwe.mitre.org/data/definitions/201.html (Third Party Advisory)
- https://www.eurofins-cybersecurity.com/news/connected-devices-wiz-smart-lightbul (Exploit, Third Party Advisory)
FAQ
What is CVE-2020-11922?
CVE-2020-11922 is a vulnerability with a CVSS score of 4.3 (MEDIUM). An issue was discovered in WiZ Colors A60 1.14.0. The device sends unnecessary information to the cloud controller server. Although this information is sent encrypted and has low risk in isolation, it...
How severe is CVE-2020-11922?
CVE-2020-11922 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-11922?
Check the references section above for vendor advisories and patch information. Affected products include: Wizconnected A60 Colors Firmware, Wizconnected A60 Colors.