RSS   Vulnerabilities for 'HOME'   RSS

2020-01-19
 
CVE-2020-7232

CWE-200
 

 
Evoko Home 1.31 devices allow remote attackers to obtain sensitive information (such as usernames and password hashes) via a WebSocket request, as demonstrated by the sockjs/224/uf1psgff/websocket URI at a wss:// URL.

 
 
CVE-2020-7231

CWE-209
 

 
Evoko Home 1.31 devices provide different error messages for failed login requests depending on whether the username is valid.

 


Copyright 2024, cxsecurity.com

 

Back to Top