PT-2024-38325 · Airveda · Airveda Air Quality Monitor

Anand Agrawal

Published

2024-08-09

Updated

2024-08-13

CVE-2024-7408

CVSS v4.0

8.6

High

Vector

AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:H/SI:H/SA:H

Name of the Vulnerable Software and Affected Versions Airveda Air Quality Monitor PM2.5 PM10 (affected versions not specified)

Description This issue exists due to the transmission of sensitive information in plain text during AP pairing mode. An attacker in close proximity could exploit this by capturing Wi-Fi traffic of Airveda-AP. Successful exploitation could allow the attacker to cause an Evil Twin attack on the targeted system.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Cleartext Transmission of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-319

Related Identifiers

CVE-2024-7408

Affected Products

Airveda Air Quality Monitor

PT-2024-38325 · Airveda · Airveda Air Quality Monitor

CVE-2024-7408

Weakness Enumeration

Related Identifiers

Affected Products

References · 6