CVE-2023-46889 - OpenCVE

Meross MSH30Q 4.5.23 is vulnerable to Cleartext Transmission of Sensitive Information. During the device setup phase, the MSH30Q creates an unprotected Wi-Fi access point. In this phase, MSH30Q needs to connect to the Internet through a Wi-Fi router. This is why MSH30Q asks for the Wi-Fi network name (SSID) and the Wi-Fi network password. When the user enters the password, the transmission of the Wi-Fi password and name between the MSH30Q and mobile application is observed in the Wi-Fi network. Although the Wi-Fi password is encrypted, a part of the decryption algorithm is public so we complemented the missing parts to decrypt it.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Meross	Msh30q Firmware Msh30q

Configuration 1 [-]

AND

cpe:2.3:o:meross:msh30q_firmware:4.5.23:*:*:*:*:*:*:*

cpe:2.3:h:meross:msh30q:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.kth.se/cs/nse/research/software-systems-architecture-and-security/projects/ethical-hacking-1.1279219	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2024-01-23T00:00:00

Updated: 2024-01-23T20:12:59.732869

Reserved: 2023-10-30T00:00:00

Link: CVE-2023-46889

JSON object: View

NVD Information

Status : Analyzed

Published: 2024-01-23T20:15:45.190

Modified: 2024-01-31T16:36:18.020

Link: CVE-2023-46889

JSON object: View

Redhat Information

No data.

CWE

CWE-319

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:meross:msh30q_firmware:4.5.23:*:*:*:*:*:*:*", "matchCriteriaId": "88053A66-2CE3-4D0B-8119-57C49A3A2014", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:meross:msh30q:-:*:*:*:*:*:*:*", "matchCriteriaId": "92051225-D526-48A3-8B3C-81BC290AB37D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Meross MSH30Q 4.5.23 is vulnerable to Cleartext Transmission of Sensitive Information. During the device setup phase, the MSH30Q creates an unprotected Wi-Fi access point. In this phase, MSH30Q needs to connect to the Internet through a Wi-Fi router. This is why MSH30Q asks for the Wi-Fi network name (SSID) and the Wi-Fi network password. When the user enters the password, the transmission of the Wi-Fi password and name between the MSH30Q and mobile application is observed in the Wi-Fi network. Although the Wi-Fi password is encrypted, a part of the decryption algorithm is public so we complemented the missing parts to decrypt it."}, {"lang": "es", "value": "Meross MSH30Q 4.5.23 es vulnerable a la transmisi\u00f3n de informaci\u00f3n confidencial en texto plano. Durante la fase de configuraci\u00f3n del dispositivo, el MSH30Q crea un punto de acceso Wi-Fi desprotegido. En esta fase, MSH30Q necesita conectarse a Internet a trav\u00e9s de un enrutador Wi-Fi. Es por eso que MSH30Q solicita el nombre de la red Wi-Fi (SSID) y la contrase\u00f1a de la red Wi-Fi. Cuando el usuario ingresa la contrase\u00f1a, se observa la transmisi\u00f3n de la contrase\u00f1a y el nombre de Wi-Fi entre el MSH30Q y la aplicaci\u00f3n m\u00f3vil en la red Wi-Fi. Aunque la contrase\u00f1a de Wi-Fi est\u00e1 cifrada, una parte del algoritmo de descifrado es p\u00fablica, por lo que complementamos las partes que faltan para descifrarlo."}], "id": "CVE-2023-46889", "lastModified": "2024-01-31T16:36:18.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-23T20:15:45.190", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.kth.se/cs/nse/research/software-systems-architecture-and-security/projects/ethical-hacking-1.1279219"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "nvd@nist.gov", "type": "Primary"}]}