13 matches found
CVE-2023-46892
The radio frequency communication protocol being used by Meross MSH30Q 4.5.23 is vulnerable to replay attacks, allowing attackers to record and replay previously captured communication to execute unauthorized commands or actions e.g., thermostat's temperature...
CVE-2023-46892
The radio frequency communication protocol being used by Meross MSH30Q 4.5.23 is vulnerable to replay attacks, allowing attackers to record and replay previously captured communication to execute unauthorized commands or actions e.g., thermostat's temperature...
CVE-2023-46889
Meross MSH30Q 4.5.23 is vulnerable to Cleartext Transmission of Sensitive Information. During the device setup phase, the MSH30Q creates an unprotected Wi-Fi access point. In this phase, MSH30Q needs to connect to the Internet through a Wi-Fi router. This is why MSH30Q asks for the Wi-Fi network...
CVE-2023-46889
Meross MSH30Q 4.5.23 is vulnerable to Cleartext Transmission of Sensitive Information. During the device setup phase, the MSH30Q creates an unprotected Wi-Fi access point. In this phase, MSH30Q needs to connect to the Internet through a Wi-Fi router. This is why MSH30Q asks for the Wi-Fi network...
Code injection
Meross MSH30Q 4.5.23 is vulnerable to Cleartext Transmission of Sensitive Information. During the device setup phase, the MSH30Q creates an unprotected Wi-Fi access point. In this phase, MSH30Q needs to connect to the Internet through a Wi-Fi router. This is why MSH30Q asks for the Wi-Fi network...
Meross MSH30Q Security Vulnerability
The Meross MSH30Q is a smart Wi-Fi hub from Meross. A security vulnerability exists in the Meross MSH30Q version 4.5.23, which stems from susceptibility to the transmission of sensitive information in clear text...
CVE-2023-46892
The radio frequency communication protocol being used by Meross MSH30Q 4.5.23 is vulnerable to replay attacks, allowing attackers to record and replay previously captured communication to execute unauthorized commands or actions e.g., thermostat's temperature...
CVE-2023-46889
Meross MSH30Q 4.5.23 is vulnerable to Cleartext Transmission of Sensitive Information. During the device setup phase, the MSH30Q creates an unprotected Wi-Fi access point. In this phase, MSH30Q needs to connect to the Internet through a Wi-Fi router. This is why MSH30Q asks for the Wi-Fi network...
Meross MSH30Q Security Vulnerability
The Meross MSH30Q is a smart Wi-Fi hub from Meross. A security vulnerability exists in the Meross MSH30Q version 4.5.23, which stems from vulnerability to replay attacks, where an attacker can record and replay previously captured communications to perform unauthorized commands or actions...
PT-2024-13386 · Meross · Meross Msh30Q
Name of the Vulnerable Software and Affected Versions: Meross MSH30Q version 4.5.23 Description: The issue concerns the transmission of sensitive information in cleartext during the device setup phase. When setting up the device, it creates an unprotected Wi-Fi access point and requires the user ...
CVE-2023-46892
CVE-2023-46892 concerns the Meross MSH30Q (version 4.5.23) RF communication protocol. The issue is a replay attack vulnerability that allows recording and replay of previously captured RF commands to trigger unauthorized actions (e.g., thermostat temperature). Affected component is the device’s R...
CVE-2023-46889
Meross MSH30Q 4.5.23 is vulnerable to Cleartext Transmission of Sensitive Information. During the device setup phase, the MSH30Q creates an unprotected Wi-Fi access point. In this phase, MSH30Q needs to connect to the Internet through a Wi-Fi router. This is why MSH30Q asks for the Wi-Fi network...
CVE-2023-46892
The radio frequency communication protocol being used by Meross MSH30Q 4.5.23 is vulnerable to replay attacks, allowing attackers to record and replay previously captured communication to execute unauthorized commands or actions e.g., thermostat's temperature...