Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:31734
HistoryFeb 22, 2015 - 12:00 a.m.

CVE-2015-1600 - Netatmo Weather Station Cleartext Password Leak

2015-02-2200:00:00
vulners.com
11

Summary

During initial setup, the weather station will submit its complete configuration unencrypted to the manufacturer cloud service. This configuration includes confidential information like the user's Wifi password.

The problem has been fixed by removing this configuration dump from current firmware versions.

CVE: CVE-2015-1600.

Affected Systems: Netatmo Indoor Module firmware 100 and earlier.

Additional Details: https://isc.sans.edu/forums/diary/Did+You+Remove+That+Debug+Code+Netatmo+Weather+Station+Sending+WPA+Passphrase+in+the+Clear/19327/

Manufacturers web site: www.netatmo.com

Patch: Affected systems will download updated firmware automatically from Netatmo's cloud service.

Related for SECURITYVULNS:DOC:31734