25 matches found
CVE-2021-27952
Hardcoded default root credentials exist on the ecobee3 lite 4.5.81.200 device. This allows a threat actor to gain access to the password-protected bootloader environment through the serial console...
EUVD-2021-14672
Malware in sbrugna...
EUVD-2021-14670
Malware in sbrugna...
EUVD-2021-14671
Malware in sbrugna...
CVE-2021-27953
A NULL pointer dereference vulnerability exists on the ecobee3 lite 4.5.81.200 device in the HomeKit Wireless Access Control setup process. A threat actor can exploit this vulnerability to cause a denial of service, forcing the device to reboot via a crafted HTTP request...
CVE-2021-27954
A heap-based buffer overflow vulnerability exists on the ecobee3 lite 4.5.81.200 device in the HKProcessConfig function of the HomeKit Wireless Access Control setup process. A threat actor can exploit this vulnerability to force the device to connect to a SSID or cause a denial of service...
Ecobee Ecobee3 Lite null pointer dereference vulnerability
Ecobee Ecobee3 Lite is a Wi-Fi smart thermostat from Ecobee Canada.A security vulnerability exists in Ecobee Ecobee3 Lite, which stems from a reference to a freed pointer condition in the product's WIFI access settings. An attacker could cause a denial of service to the target via an ad hoc HTTP...
Ecobee Ecobee3 Lite Hardcoded Default Root Credentials Vulnerability
Ecobee Ecobee3 Lite is a Wi-Fi smart thermostat from Ecobee Canada.Ecobee Ecobee3 Lite contains a security vulnerability that could be exploited by an attacker to access the password-protected bootloader environment via the serial console...
CVE-2021-27953
A NULL pointer dereference vulnerability exists on the ecobee3 lite 4.5.81.200 device in the HomeKit Wireless Access Control setup process. A threat actor can exploit this vulnerability to cause a denial of service, forcing the device to reboot via a crafted HTTP request...
CVE-2021-27953
A NULL pointer dereference vulnerability exists on the ecobee3 lite 4.5.81.200 device in the HomeKit Wireless Access Control setup process. A threat actor can exploit this vulnerability to cause a denial of service, forcing the device to reboot via a crafted HTTP request...
CVE-2021-27952
Hardcoded default root credentials exist on the ecobee3 lite 4.5.81.200 device. This allows a threat actor to gain access to the password-protected bootloader environment through the serial console...
CVE-2021-27954
A heap-based buffer overflow vulnerability exists on the ecobee3 lite 4.5.81.200 device in the HKProcessConfig function of the HomeKit Wireless Access Control setup process. A threat actor can exploit this vulnerability to force the device to connect to a SSID or cause a denial of service...
CVE-2021-27952
Hardcoded default root credentials exist on the ecobee3 lite 4.5.81.200 device. This allows a threat actor to gain access to the password-protected bootloader environment through the serial console...
CVE-2021-27954
A heap-based buffer overflow vulnerability exists on the ecobee3 lite 4.5.81.200 device in the HKProcessConfig function of the HomeKit Wireless Access Control setup process. A threat actor can exploit this vulnerability to force the device to connect to a SSID or cause a denial of service...
Heap overflow
A heap-based buffer overflow vulnerability exists on the ecobee3 lite 4.5.81.200 device in the HKProcessConfig function of the HomeKit Wireless Access Control setup process. A threat actor can exploit this vulnerability to force the device to connect to a SSID or cause a denial of service...
Null pointer dereference
A NULL pointer dereference vulnerability exists on the ecobee3 lite 4.5.81.200 device in the HomeKit Wireless Access Control setup process. A threat actor can exploit this vulnerability to cause a denial of service, forcing the device to reboot via a crafted HTTP request...
Hardcoded credentials
Hardcoded default root credentials exist on the ecobee3 lite 4.5.81.200 device. This allows a threat actor to gain access to the password-protected bootloader environment through the serial console...
CVE-2021-27953
A NULL pointer dereference vulnerability exists on the ecobee3 lite 4.5.81.200 device in the HomeKit Wireless Access Control setup process. A threat actor can exploit this vulnerability to cause a denial of service, forcing the device to reboot via a crafted HTTP request...
CVE-2021-27953
CVE-2021-27953 describes a NULL pointer dereference in Ecobee3 Lite (firmware 4.5.81.200) during the HomeKit Wireless Access Control setup. A threat actor can cause a denial of service by sending a crafted HTTP request, forcing reboot. Documents confirm the affected device and the underlying caus...
CVE-2021-27952
CVE-2021-27952 affects Ecobee3 Lite with firmware 4.5.81.200, where hardcoded default root credentials grant access to the password-protected bootloader environment via the serial console. Public references from NVD list a CVSS v3.1 base score of 9.8 (CRITICAL) with network access and no privileg...