This vulnerability exists in Airveda Air Quality Monitor PM2.5 PM10 due to transmission of sensitive information in plain text during AP pairing mode. An attacker in close proximity could exploit this vulnerability by capturing Wi-Fi traffic of Airveda-AP.
Successful exploitation of this vulnerability could allow the attacker to cause Evil Twin attack on the targeted system.
References
Link | Resource |
---|---|
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0233 | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
13 Aug 2024, 16:06
Type | Values Removed | Values Added |
---|---|---|
First Time |
Airveda
Airveda pm2.5 Pm10 Monitor Airveda pm2.5 Pm10 Monitor Firmware |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
References | () https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0233 - Third Party Advisory | |
CPE | cpe:2.3:o:airveda:pm2.5_pm10_monitor_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:airveda:pm2.5_pm10_monitor:-:*:*:*:*:*:*:* |
|
Summary |
|
12 Aug 2024, 13:41
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-12 13:38
Updated : 2024-08-13 16:06
NVD link : CVE-2024-7408
Mitre link : CVE-2024-7408
CVE.ORG link : CVE-2024-7408
JSON object : View
Products Affected
airveda
- pm2.5_pm10_monitor_firmware
- pm2.5_pm10_monitor
CWE
CWE-319
Cleartext Transmission of Sensitive Information