Vulnerability Description
Meross MSG100 devices before 3.2.3 allow an attacker to replay the same data or similar data (e.g., an attacker who sniffs a Close message can transmit an acceptable Open message).
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Meross | MSG100 Firmware | < 3.2.3 |
| Meross | MSG100 | - |
Related Weaknesses (CWE)
References
- https://infosec.rm-it.de/2021/06/18/meross-smart-wi-fi-garage-door-opener-analys (Exploit, Third Party Advisory)
- https://infosec.rm-it.de/?p=878&preview=1&_ppp=219bc85c2f (Exploit, Third Party Advisory)
FAQ
What is CVE-2021-35067?
CVE-2021-35067 is a vulnerability with a CVSS score of 8.1 (HIGH). Meross MSG100 devices before 3.2.3 allow an attacker to replay the same data or similar data (e.g., an attacker who sniffs a Close message can transmit an acceptable Open message).
How severe is CVE-2021-35067?
CVE-2021-35067 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-35067?
Check the references section above for vendor advisories and patch information. Affected products include: Meross MSG100 Firmware, Meross MSG100.