PT-2024-13387 · Meross · Meross Msh30Q

Adam Lindberg · Published 2024-01-23 · Updated 2024-01-29 · CVE-2023-46892

CVSS v3.1: 8.8 (High)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Meross MSH30Q version 4.5.23

Description

The radio frequency communication protocol used by the device is susceptible to replay attacks. This allows attackers to record and replay previously captured communication, enabling them to execute unauthorized commands or actions, such as modifying the thermostat's temperature.

Recommendations

For Meross MSH30Q version 4.5.23, consider implementing authentication mechanisms to verify the authenticity of incoming commands to prevent replay attacks. As a temporary workaround, restrict access to the device's communication protocol to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
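
An added example (not Meross code and not the device's actual protocol) of what the recommendation implies on the receiving side: a message authentication code alone still accepts a recorded frame, so the receiver also needs a freshness check. The frame layout, key, counter width and `SET_TEMP` command are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-pairing-key"  # assumption: per-device key set at pairing
TAG_LEN = 8                            # truncated HMAC-SHA256 tag, in bytes


def build_frame(key: bytes, counter: int, command: bytes) -> bytes:
    """Sender side: counter || command || HMAC(key, counter || command)."""
    body = struct.pack(">I", counter) + command
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]


class Receiver:
    """Accepts a frame only if it is authentic and, optionally, fresh."""

    def __init__(self, key: bytes, check_freshness: bool = True):
        self.key = key
        self.check_freshness = check_freshness
        self.last_counter = 0  # real firmware must persist this across reboots

    def accept(self, frame: bytes):
        if len(frame) < 4 + TAG_LEN:
            return None                      # too short to be a valid frame
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return None                      # forged or corrupted
        (counter,) = struct.unpack(">I", body[:4])
        if self.check_freshness:
            if counter <= self.last_counter:
                return None                  # replayed or stale frame
            self.last_counter = counter
        return body[4:]                      # the authenticated command


def demo() -> dict:
    captured = build_frame(KEY, 1, b"SET_TEMP=21.5")  # constructed sample frame
    mac_only = Receiver(KEY, check_freshness=False)   # authentication only
    hardened = Receiver(KEY)                          # authentication + counter
    return {
        "mac_only_first": mac_only.accept(captured),
        "mac_only_replay": mac_only.accept(captured),   # still accepted
        "hardened_first": hardened.accept(captured),
        "hardened_replay": hardened.accept(captured),   # rejected
        "hardened_next": hardened.accept(build_frame(KEY, 2, b"SET_TEMP=19.0")),
    }
```

The counter is covered by the tag, so it cannot be bumped on a recorded frame without the key.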

Weakness Enumeration

Related Identifiers

CVE-2023-46892

Affected Products

Meross Msh30Q