CVE-2025-69822

Published: Jan 22, 2026Modified: Feb 2, 2026

7.4

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 4.0

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An issue in Atomberg Atomberg Erica Smart Fan Firmware Version: V1.0.36 allows an attacker to obtain sensitive information and escalate privileges via a crafted deauth frame

Affected (1)

Products: Atomberg: Erica Smart Fan Firmware

Atomberg

1 product

Erica Smart Fan Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Atomberg Erica Smart Fan Firmware	Version 1.0.36

Running on/with	Platform Versions
Atomberg Erica Smart Fan	All versions

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

CWE-294

Authentication Bypass by Capture-replay

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

References (2)

https://github.com/CipherX1802/CVE-2025-69822-Atomberg_Erica_SmatFan_Security_Assessment.git

Source: cve@mitre.org

Third Party Advisory

https://github.com/CipherX1802/CVE-2025-69822-Atomberg_Erica_SmatFan_Security_Assessment/blob/main/Atomberg_Erica_SmatFan_Security_Assessment_Report.pdf

Source: cve@mitre.org

ExploitThird Party Advisory

Timeline

No history available yet.