Evoko Home 1.31 devices provide different error messages for failed login requests depending on whether the username is valid.
5.3CVSS
5.4AI Score
0.001EPSS
Evoko Home devices 1.31 through 1.37 allow remote attackers to obtain sensitive information (such as usernames and password hashes) via a WebSocket request, as demonstrated by the sockjs/224/uf1psgff/websocket URI at a wss:// URL.
7.5CVSS
7.4AI Score
0.016EPSS