Evoko ≫ Home

Evoko Home 1.31 devices provide different error messages for failed login requests depending on whether the username is valid.

Evoko Home devices 1.31 through 1.37 allow remote attackers to obtain sensitive information (such as usernames and password hashes) via a WebSocket request, as demonstrated by the sockjs/224/uf1psgff/websocket URI at a wss:// URL.