PT-2021-7218 · Owl · Owl Labs Meeting Owl

Published: 2021-10-22 · Updated: 2023-09-18 · CVE-2022-31462

CVSS v3.1: 9.3 (Critical)

Vector: AC:L/AV:A/A:N/C:H/I:H/PR:N/S:C/UI:N

Name of the Vulnerable Software and Affected Versions

Owl Labs Meeting Owl version 5.2.0.15

Description

The issue is in the Bluetooth Low Energy (BLE) implementation in the firmware of the Meeting Owl Pro video conferencing camera. The device uses a hardcoded password for account credentials, and that password is derived from the device's serial number. An attacker can exploit this to bypass existing security restrictions using a brute force attack. The backdoor password can be found in Bluetooth broadcast data, allowing attackers to control the device.

Recommendations

For version 5.2.0.15, consider disabling the Bluetooth functionality until a patch is available, to prevent exploitation of the hardcoded password. As a temporary workaround, restrict access to the device's serial number to minimize the risk of the backdoor password being derived. Avoid using the device for sensitive video conferences until the issue is resolved.

Exploit

Fix

Weakness Enumeration

Using Hardcoded Credentials

Related Identifiers

BDU:2022-03880
CVE-2022-31462

Affected Products

Owl Labs Meeting Owl