CVE-2023-46889
Meross MSH30Q (4.5.23) is vulnerable to Cleartext Transmission of Sensitive Information. During device setup, the device creates an unprotected Wi‑Fi Access Point to connect to the Internet, causing the Wi‑Fi SSID and password to be transmitted between the MSH30Q and the mobile app over the Wi‑Fi...