CVE-2020-7232

Evoko Home devices 1.31 through 1.37 allow remote attackers to obtain sensitive information (such as usernames and password hashes) via a WebSocket request, as demonstrated by the sockjs/224/uf1psgff/websocket URI at a wss:// URL.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 65%
VendorProductVersion
evokohome
1.31 ≤
𝑥
≤ 1.37
𝑥
= Vulnerable software versions
References
https://sku11army.blogspot.com/2020/01/evoko-otra-sala-por-favor.html
https://sku11army.blogspot.com/2020/01/evoko-otra-sala-por-favor.html