PT-2022-3409 · Owl · Owl Labs Meeting Owl
Published
2022-06-02
·
Updated
2023-09-18
·
CVE-2022-31461
CVSS v3.1
7.4
High
| Vector | AC:L/AV:A/A:N/C:N/I:H/PR:N/S:C/UI:N |
Name of the Vulnerable Software and Affected Versions
Owl Labs Meeting Owl version 5.2.0.15
Description
The issue is related to insufficient authentication procedure in the camera's firmware, allowing a remote attacker to bypass existing security restrictions. Specifically, it allows attackers to deactivate the passcode protection mechanism via a certain message.
Recommendations
For Owl Labs Meeting Owl version 5.2.0.15, consider disabling the passcode protection mechanism deactivation feature until a patch is available. Restrict access to the device to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Missing Authentication
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Owl Labs Meeting Owl