6 matches found
CVE-2018-6402
Ecobee Ecobee4 4.2.0.171 devices can be forced to deauthenticate and connect to an unencrypted Wi-Fi network with the same SSID, even if the device settings specify use of encryption such as WPA2, as long as the competing network has a stronger signal. An attacker must be able to set up a nearby...
Ecobee Ecobee4 Input Validation Error Vulnerability
The Ecobee Ecobee4 is a room smart thermostat from Ecobee Canada. An input validation error vulnerability exists in Ecobee Ecobee4 version 4.2.0.171. The vulnerability originates from a network system or product that does not properly validate input data. No details of the vulnerability are...
CVE-2018-6402
Ecobee Ecobee4 4.2.0.171 devices can be forced to deauthenticate and connect to an unencrypted Wi-Fi network with the same SSID, even if the device settings specify use of encryption such as WPA2, as long as the competing network has a stronger signal. An attacker must be able to set up a nearby...
Code injection
Ecobee Ecobee4 4.2.0.171 devices can be forced to deauthenticate and connect to an unencrypted Wi-Fi network with the same SSID, even if the device settings specify use of encryption such as WPA2, as long as the competing network has a stronger signal. An attacker must be able to set up a nearby...
CVE-2018-6402
CVE-2018-6402 affects Ecobee4 devices running 4.2.0.171. The vulnerability allows an attacker to force deauthentication and cause the device to connect to an unencrypted Wi‑Fi network sharing the same SSID, given the attacker can set up a nearby network with a stronger signal (an Evil Twin scenar...
CVE-2018-6402
Ecobee Ecobee4 4.2.0.171 devices can be forced to deauthenticate and connect to an unencrypted Wi-Fi network with the same SSID, even if the device settings specify use of encryption such as WPA2, as long as the competing network has a stronger signal. An attacker must be able to set up a nearby...