Owl Labs Meeting Owl 5.2.0.15 allows attackers to control the device via a backdoor password (derived from the serial number) that can be found in Bluetooth broadcast data.
References
Link | Resource |
---|---|
https://arstechnica.com/information-technology/2022/06/vulnerabilities-in-meeting-owl-videoconference-device-imperil-100k-users/ | Third Party Advisory |
https://resources.owllabs.com/blog/owl-labs-update | Release Notes Vendor Advisory |
https://www.modzero.com/static/meetingowl/Meeting_Owl_Pro_Security_Disclosure_Report_RELEASE.pdf | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-06-02T21:40:16
Updated: 2022-07-07T11:53:56
Reserved: 2022-05-23T00:00:00
Link: CVE-2022-31462
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-06-02T22:15:08.163
Modified: 2022-07-08T16:47:46.220
Link: CVE-2022-31462
JSON object: View
Redhat Information
No data.
CWE