PT-2021-7225 · Owl · Owl Labs Meeting Owl

Published: 2021-10-22 · Updated: 2023-09-18 · CVE-2022-31459

CVSS v3.1: 7.4 (High)

Vector: AC:L/AV:A/A:N/C:H/I:N/PR:N/S:C/UI:N

Name of the Vulnerable Software and Affected Versions

Owl Labs Meeting Owl version 5.2.0.15

Description

The issue is in the Bluetooth Low Energy (BLE) implementation in the firmware of the Meeting Owl Pro video conferencing camera. The firmware inadequately processes the value c :10 when using the SHA-1 cryptographic algorithm. An attacker can retrieve the passcode hash via a certain c :10 value over Bluetooth and then potentially guess the passcode by brute force.

Recommendations

For version 5.2.0.15, consider disabling Bluetooth Low Energy (BLE) until a patch is available, to prevent exploitation of the inadequate encryption strength. Restrict access to the c :10 value to minimize the risk of passcode hash retrieval over Bluetooth. Avoid using the c :10 value in the affected Bluetooth communication until the issue is resolved.

Weakness Enumeration

Use of a Broken Cryptographic Algorithm
Inadequate Encryption Strength

Related Identifiers

BDU:2022-03906
CVE-2022-31459

Affected Products

Owl Labs Meeting Owl