CVE-2023-46889
low-risk
Published 2024-01-23
Meross MSH30Q 4.5.23 is vulnerable to Cleartext Transmission of Sensitive Information. During the device setup phase, the MSH30Q creates an unprotected Wi-Fi access point. In this phase, MSH30Q needs to connect to the Internet through a Wi-Fi router. This is why MSH30Q asks for the Wi-Fi network name (SSID) and the Wi-Fi network password. When the user enters the password, the transmission of the Wi-Fi password and name between the MSH30Q and mobile application is observed in the Wi-Fi network. Although the Wi-Fi password is encrypted, a part of the decryption algorithm is public so we complemented the missing parts to decrypt it.
Do I need to act?
-
0.04% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.7/10
Medium
ADJACENT_NETWORK
/ LOW complexity
Affected Products (1)
Msh30Q Firmware
Affected Vendors
References (2)
Third Party Advisory
https://www.kth.se/cs/nse/research/software-systems-architecture-and-security/pr...
Third Party Advisory
https://www.kth.se/cs/nse/research/software-systems-architecture-and-security/pr...
24
/ 100
low-risk
Severity
19/34 · Moderate
Exploitability
0/34 · Minimal
Exposure
5/34 · Minimal