CVE-2023-46892

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Jan 23, 2024

Updated: Jan 29, 2024

CWE ID 294

Summary

CVE-2023-46892 is a vulnerability affecting Meross MSH30Q devices running software version 4.5.23. The issue lies in the radio frequency communication protocol, making it susceptible to replay attacks. Attackers can exploit this vulnerability by recording and replaying previous communications to execute unauthorized commands, potentially altering the thermostat's temperature settings without authorization.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Meross

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tMy_1U
https://www.cve.org/CVERecord?id=CVE-2023-46892
https://nvd.nist.gov/vuln/detail/CVE-2023-46892

Back to Vulnerability Database

CVE-2023-46892

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations