CVE-2019-17098

low-risk
Published 2020-09-30

Use of hard-coded cryptographic key vulnerability in August Connect Wi-Fi Bridge App, Connect Firmware allows an attacker to decrypt an intercepted payload containing the Wi-Fi network authentication credentials. This issue affects: August Connect Wi-Fi Bridge App version v10.11.0 and prior versions on Android. August Connect Firmware version 2.2.12 and prior versions.

Do I need to act?

-
0.08% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.5/10 Low
ADJACENT_NETWORK / LOW complexity

Affected Products (2)

August Home
Connect Wi-Fi Bridge Firmware

Affected Vendors

August

References (2)

Third Party Advisory https://labs.bitdefender.com/2020/08/smart-locks-not-so-smart-with-wi-fi-securit...
Third Party Advisory https://labs.bitdefender.com/2020/08/smart-locks-not-so-smart-with-wi-fi-securit...
20
/ 100
low-risk
Severity 13/34 · Low
Exploitability 0/34 · Minimal
Exposure 7/34 · Low