China National Vulnerability DatabaseCNVD-2022-64973Owl Labs Meeting Owl Trust Management Issue Vulnerability (CNVD-2022-64973)
8.8 High
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
5.4 Medium
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:M/Au:N/C:P/I:P/A:P
Owl Labs Meeting Owl is a video conferencing device from Owl Labs, Inc. Featuring an array of cameras and microphones that capture 360-degree video and audio and automatically focus on the speaker to make meetings more dynamic and inclusive, Owl Labs Meeting Owl version 5.2.0.15 is vulnerable to a trust management issue that could be exploited by an attacker to take control of the device via a backdoor password (derived from the serial number) found in Bluetooth broadcast data.
| CPE | Name | Operator | Version |
|---|---|---|---|
| Owl Labs Meeting Owl 5. | eq | 2.0.15 |
Related
8.8 High
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
5.4 Medium
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:M/Au:N/C:P/I:P/A:P