CVE-2020-11924 - OpenCVE

An issue was discovered in WiZ Colors A60 1.14.0. Wi-Fi credentials are stored in cleartext in flash memory, which presents an information-disclosure risk for a discarded or resold device.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Wizconnected	Colors A60 Firmware Colors A60

Configuration 1 [-]

AND

cpe:2.3:o:wizconnected:colors_a60_firmware:1.14.0:*:*:*:*:*:*:*

cpe:2.3:h:wizconnected:colors_a60:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.eurofins-cybersecurity.com/news/connected-devices-wiz-smart-lightbulbs/	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-04-02T18:11:07

Updated: 2021-04-02T18:11:07

Reserved: 2020-04-19T00:00:00

Link: CVE-2020-11924

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-04-02T19:15:18.663

Modified: 2021-04-07T19:30:01.180

Link: CVE-2020-11924

JSON object: View

Redhat Information

No data.

CWE

CWE-312

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wizconnected:colors_a60_firmware:1.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "5422AFDF-824C-46E9-9AA6-0611C6E21C98", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wizconnected:colors_a60:-:*:*:*:*:*:*:*", "matchCriteriaId": "B36604A5-D272-4B43-A99E-39808C4B1D83", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An issue was discovered in WiZ Colors A60 1.14.0. Wi-Fi credentials are stored in cleartext in flash memory, which presents an information-disclosure risk for a discarded or resold device."}, {"lang": "es", "value": "Se detect\u00f3 un problema en WiZ Colors A60 versi\u00f3n 1.14.0. Las credenciales de Wi-Fi son almacenadas en texto sin cifrar en la memoria flash, lo que presenta un riesgo de divulgaci\u00f3n de informaci\u00f3n para un dispositivo desechado o revendido."}], "id": "CVE-2020-11924", "lastModified": "2021-04-07T19:30:01.180", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-04-02T19:15:18.663", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.eurofins-cybersecurity.com/news/connected-devices-wiz-smart-lightbulbs/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-312"}], "source": "nvd@nist.gov", "type": "Primary"}]}