PT-2021-11031 · Homee · Homee Brain Cube

Tobias Jäger · Published 2021-05-20 · Updated 2021-06-03 · CVE-2020-24395

CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: homee Brain Cube v2 versions 2.28.2 through 2.28.4
Description: The issue arises from insufficient validation of the firmware image file in the USB firmware update script, allowing an attacker with physical access to install compromised firmware, which can lead to code execution on the device.
Recommendations: For homee Brain Cube v2 versions 2.28.2 through 2.28.4, as a temporary workaround, consider restricting physical access to the device until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Insufficient Verification of Data Authenticity

Related Identifiers

CVE-2020-24395

Affected Products

Homee Brain Cube