← Back

CVE-2024-7408

nvd nist
Published: Aug 12, 2024Modified: Aug 13, 2024

JSON object

Loading...
8.6
Vector
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: vdisclose@cert-in.org.in (Secondary)

Description

This vulnerability exists in Airveda Air Quality Monitor PM2.5 PM10 due to transmission of sensitive information in plain text during AP pairing mode. An attacker in close proximity could exploit this vulnerability by capturing Wi-Fi traffic of Airveda-AP. Successful exploitation of this vulnerability could allow the attacker to cause Evil Twin attack on the targeted system.

Affected (1)

Airveda
1 product
Pm2.5 Pm10 Monitor Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Pm2.5 Pm10 Monitor Firmware
Before 7.4.4.39
Running on/withPlatform Versions
Airveda
Pm2.5 Pm10 Monitor
All versions

Related CWEs

CWE-319
Cleartext Transmission of Sensitive Information
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (1)

Source: vdisclose@cert-in.org.in
Third Party Advisory

Timeline

No history available yet.