MidnightBSD

Advisories for owllabs

CVE-2022-31459 LOW

Owl Labs Meeting Owl 5.2.0.15 allows attackers to retrieve the passcode hash via a certain c 10 value over Bluetooth.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
cve@mitre.org 7.4 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N 2.8 4.0

CVSS 2.0

Severity: LOW

Problem Type: CWE-326,

Products Affected

Vendor Product Version
owllabs meeting_owl_pro_firmware *
CVE-2022-31460 LOW

Owl Labs Meeting Owl 5.2.0.15 allows attackers to activate Tethering Mode with hard-coded hoothoot credentials via a certain c 150 value.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 7.4 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N 2.8 4.0
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N 2.8 4.0

CVSS 2.0

Severity: LOW

Problem Type: CWE-798,

Products Affected

Vendor Product Version
owllabs meeting_owl_pro_firmware *
CVE-2022-31461 LOW

Owl Labs Meeting Owl 5.2.0.15 allows attackers to deactivate the passcode protection mechanism via a certain c 11 message.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 2.8 3.6
cve@mitre.org 7.4 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N 2.8 4.0

CVSS 2.0

Severity: LOW

Problem Type: CWE-306,

Products Affected

Vendor Product Version
owllabs meeting_owl_pro_firmware *
CVE-2022-31462 MEDIUM

Owl Labs Meeting Owl 5.2.0.15 allows attackers to control the device via a backdoor password (derived from the serial number) that can be found in Bluetooth broadcast data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.3 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N 2.8 5.8
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798,

Products Affected

Vendor Product Version
owllabs meeting_owl_pro_firmware *
CVE-2022-31463 MEDIUM

Owl Labs Meeting Owl 5.2.0.15 does not require a password for Bluetooth commands, because only client-side authentication is used.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N 2.8 4.2
cve@mitre.org 8.2 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N 2.8 4.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
owllabs meeting_owl_pro_firmware *