CVE-2018-6402
Summary
| CVE | CVE-2018-6402 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-04-14 19:15:00 UTC |
| Updated | 2020-08-24 17:37:00 UTC |
| Description | Ecobee Ecobee4 4.2.0.171 devices can be forced to deauthenticate and connect to an unencrypted Wi-Fi network with the same SSID, even if the device settings specify use of encryption such as WPA2, as long as the competing network has a stronger signal. An attacker must be able to set up a nearby SSID, similar to an "Evil Twin" attack. |
Risk And Classification
Problem Types: CWE-327
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Ecobee | Ecobee4 | - | All | All | All |
| Hardware | Ecobee | Ecobee4 | - | All | All | All |
| Operating System | Ecobee | Ecobee4 Firmware | 4.2.0.171 | All | All | All |
| Operating System | Ecobee | Ecobee4 Firmware | 4.2.0.171 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Meross MSS110 Vulnerability | meross-mss110-vuln | MISC | garrettmiller.github.io | Exploit, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.