CVE-2020-28952

Name of the Vulnerable Software and Affected Versions: Athom Homey and Homey Pro versions prior to 5.0.0

Description: An issue was discovered where ZigBee hub devices should generate a unique Standard Network Key for encrypted inter-device communication. However, the affected devices use a widely known key designed for testing purposes: "01030507090b0d0f00020406080a0c0d", which is human-generated and static across all issued devices.

Recommendations: For versions prior to 5.0.0, update to version 5.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the ZigBee network to minimize the risk of exploitation.