CVE-2024-7408

This vulnerability exists in Airveda Air Quality Monitor PM2.5 PM10 due to transmission of sensitive information in plain text during AP pairing mode. An attacker in close proximity could exploit this vulnerability by capturing Wi-Fi traffic of Airveda-AP. Successful exploitation of this vulnerability could allow the attacker to cause Evil Twin attack on the targeted system.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:airveda:pm2.5_pm10_monitor_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:airveda:pm2.5_pm10_monitor:-:*:*:*:*:*:*:*

History

13 Aug 2024, 16:06

Type Values Removed Values Added
First Time Airveda
Airveda pm2.5 Pm10 Monitor
Airveda pm2.5 Pm10 Monitor Firmware
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5
References () https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0233 - () https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0233 - Third Party Advisory
CPE cpe:2.3:o:airveda:pm2.5_pm10_monitor_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:airveda:pm2.5_pm10_monitor:-:*:*:*:*:*:*:*
Summary
  • (es) Esta vulnerabilidad existe en Airveda Air Quality Monitor PM2.5 PM10 debido a la transmisión de información confidencial en texto plano durante el modo de emparejamiento AP. Un atacante que se encuentre cerca podría aprovechar esta vulnerabilidad capturando el tráfico Wi-Fi de Airveda-AP. La explotación exitosa de esta vulnerabilidad podría permitir al atacante provocar un ataque Evil Twin en el sistema objetivo.

12 Aug 2024, 13:41

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-12 13:38

Updated : 2024-08-13 16:06


NVD link : CVE-2024-7408

Mitre link : CVE-2024-7408

CVE.ORG link : CVE-2024-7408


JSON object : View

Products Affected

airveda

  • pm2.5_pm10_monitor_firmware
  • pm2.5_pm10_monitor
CWE
CWE-319

Cleartext Transmission of Sensitive Information