PT-2020-9870 · August · August Connect Firmware
Bitdefender Labs · Published 2020-09-30 · Updated 2020-10-08 · CVE-2019-17098
CVSS v3.1: 6.5 (Medium)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
August Connect Wi-Fi Bridge App versions v10.11.0 and prior
August Connect Firmware versions 2.2.12 and prior
Description
The August Connect Wi-Fi Bridge App and Connect Firmware use a hard-coded cryptographic key, which allows an attacker to decrypt an intercepted payload containing Wi-Fi network authentication credentials.
Recommendations
For August Connect Wi-Fi Bridge App versions v10.11.0 and prior, update to a version newer than v10.11.0 to resolve the issue.
For August Connect Firmware versions 2.2.12 and prior, update to a version newer than 2.2.12 to resolve the issue.
As a temporary workaround, consider restricting access to the Wi-Fi network to minimize the risk of exploitation.
Fix
Using Hardcoded Credentials
Related Identifiers
Affected Products
August Connect Firmware
August Connect Wi-Fi Bridge App