PT-2022-3257 · Owl · Owl Labs Meeting Owl

Published

2022-06-02

Updated

2022-07-08

CVE-2022-31460

CVSS v3.1

7.4

High

Vector

AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Owl Labs Meeting Owl version 5.2.0.15

Description The issue is related to the use of hardcoded credentials in the camera's firmware, allowing a remote attacker to activate "tethering Mode" and escalate their privileges. The exploitation involves using a certain c 150 value with the hard-coded hoohoot credentials.

Recommendations For version 5.2.0.15, consider disabling the tethering Mode feature until a patch is available to prevent potential exploitation. Restrict access to the camera's firmware to minimize the risk of unauthorized privilege escalation. Avoid using the hard-coded hoohoot credentials in the affected API endpoint until the issue is resolved.

Exploit

Fix

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798

Related Identifiers

BDU:2022-03975

CVE-2022-31460

Affected Products

Owl Labs Meeting Owl

PT-2022-3257 · Owl · Owl Labs Meeting Owl

CVE-2022-31460

Weakness Enumeration

Related Identifiers

Affected Products

References · 8