Unrated severityNVD Advisory· Published Jan 2, 2019· Updated Aug 5, 2024
CVE-2018-20100
CVE-2018-20100
Description
An issue was discovered on August Connect devices. Insecure data transfer between the August app and August Connect during configuration allows attackers to discover home Wi-Fi credentials. This data transfer uses an unencrypted access point for these credentials, and passes them in an HTTP POST, using the AugustWifiDevice class, with data encrypted with a fixed key found obfuscated in the app.
Affected products
1Patches
Vulnerability mechanics
References
1- dojo.bullguard.com/dojo-by-bullguard/blog/august-connect/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.