VYPR
High severity7.5NVD Advisory· Published Jan 19, 2020· Updated Jun 17, 2026

CVE-2020-7232

CVE-2020-7232

Description

Evoko Home devices 1.31 through 1.37 allow remote attackers to obtain sensitive information (such as usernames and password hashes) via a WebSocket request, as demonstrated by the sockjs/224/uf1psgff/websocket URI at a wss:// URL.

Affected products

2
  • Evoko/Homedescription
  • Evoko/Homellm-create
    Range: 1.31 - 1.37

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.