Hardcoded credentials

2020-03-2018:15:00

PRIOn knowledge base

www.prio-n.com

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.5%

JSON

The bootloader of the homee Brain Cube V2 through 2.23.0 allows attackers with physical access to gain root access by manipulating the U-Boot environment via the CLI after connecting to the internal UART interface.

CPENameOperatorVersion
brain_cube_corege2.0.0
brain_cube_corele2.23.0

CPE	Name	Operator	Version
	brain_cube_core	ge	2.0.0
	brain_cube_core	le	2.23.0

References

store.hom.ee/collections/all/products/homee-brain-cube

www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-026.txt