Vulnerability Description
An issue was discovered in all Athom Homey and Homey Pro devices up to the current version 4.2.0. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup. Upon success, the attacker is able to further infiltrate the target's Wi-Fi networks.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Homey | Homey Firmware | < 4.2.0 |
| Homey | Homey | - |
| Homey | Homey Pro Firmware | < 4.2.0 |
| Homey | Homey Pro | - |
Related Weaknesses (CWE)
References
- https://developer.athom.com/firmware (Release Notes, Vendor Advisory)
FAQ
What is CVE-2020-9462?
CVE-2020-9462 is a vulnerability with a CVSS score of 4.3 (MEDIUM). An issue was discovered in all Athom Homey and Homey Pro devices up to the current version 4.2.0. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, in...
How severe is CVE-2020-9462?
CVE-2020-9462 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-9462?
Check the references section above for vendor advisories and patch information. Affected products include: Homey Homey Firmware, Homey Homey, Homey Homey Pro Firmware, Homey Homey Pro.