CERT-In Vulnerability Note
CIVN-2024-0233
Information Disclosure Vulnerability in Airveda Air Quality Monitor
Original Issue Date:August 09, 2024
Severity Rating: HIGH
Systems Affected
- Airveda PM2.5 PM10 Monitor - all versions prior to 7.4.4.39
Overview
A vulnerability has been reported in Airveda Air Quality Monitor, which could allow an attacker to cause Evil Twin attack on the targeted system.
Description
This vulnerability exists in Airveda Air Quality Monitor due to transmission of sensitive information in plain text during AP pairing mode. An attacker in close proximity could exploit this vulnerability by capturing Wi-Fi traffic of Airveda-AP.
Successful exploitation of this vulnerability could allow the attacker to cause Evil Twin attack on the targeted system.
Credit
This vulnerability is reported by Mr. Anand Agrawal and Dr. Rajib Ranjan Maiti from BITS-Pilani, Hyderabad.
Solution
- Upgrade to version 7.4.4.39
Vendor Information
Airveda
https://www.airveda.com/airveda-pm-air-quality-monitor
References
Airveda
https://www.airveda.com/airveda-pm-air-quality-monitor
CVE Name
CVE-2024-7408
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in Phone: +91-11-22902657
Postal address
Indian Computer Emergency Response Team (CERT-In) Ministry of Electronics and Information Technology Government of India Electronics Niketan 6, CGO Complex, Lodhi Road, New Delhi - 110 003 India
|