4.3

CVE-2020-11922

Exploit

EPSS 0.32%
Veröffentlicht 02.04.2021 16:15:13
Zuletzt bearbeitet 21.11.2024 04:58:54
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in WiZ Colors A60 1.14.0. The device sends unnecessary information to the cloud controller server. Although this information is sent encrypted and has low risk in isolation, it decreases the privacy of the end user. The information sent includes the local IP address being used and the SSID of the Wi-Fi network the device is connected to. (Various resources such as wigle.net can be use for mapping of SSIDs to physical locations.)

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wizconnected ≫ A60 Colors Firmware Version1.14.0

Wizconnected ≫ A60 Colors Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.32%	0.549

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	3.3	6.5	2.9	AV:A/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://seclists.org/fulldisclosure/2024/Jul/14

https://cwe.mitre.org/data/definitions/201.html

Third Party Advisory

https://www.eurofins-cybersecurity.com/news/connected-devices-wiz-smart-lightbulbs/

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2020-11922

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-11922

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-11922

EUVD