CVE-2024-7408

This vulnerability exists in Airveda Air Quality Monitor PM2.5 PM10 due to transmission of sensitive information in plain text during AP pairing mode. An attacker in close proximity could exploit this vulnerability by capturing Wi-Fi traffic of Airveda-AP. Successful exploitation of this vulnerability could allow the attacker to cause Evil Twin attack on the targeted system.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0233	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:airveda:pm2.5_pm10_monitor_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:airveda:pm2.5_pm10_monitor:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-08-12 13:38

Updated : 2024-08-13 16:06

NVD link : CVE-2024-7408

Mitre link : CVE-2024-7408

CVE.ORG link : CVE-2024-7408

JSON object : View

Products Affected

airveda

pm2.5_pm10_monitor_firmware
pm2.5_pm10_monitor

CWE

CWE-319

Cleartext Transmission of Sensitive Information

{"id": "CVE-2024-7408", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}], "cvssMetricV40": [{"type": "Secondary", "source": "vdisclose@cert-in.org.in", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 8.6, "automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "HIGH", "vulnerableSystemIntegrity": "NONE", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "HIGH", "vulnerableSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "HIGH", "vulnerableSystemConfidentiality": "HIGH", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-08-12T13:38:41.777", "references": [{"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0233", "tags": ["Third Party Advisory"], "source": "vdisclose@cert-in.org.in"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "vdisclose@cert-in.org.in", "description": [{"lang": "en", "value": "CWE-319"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-319"}]}], "descriptions": [{"lang": "en", "value": "This vulnerability exists in Airveda Air Quality Monitor PM2.5 PM10 due to transmission of sensitive information in plain text during AP pairing mode. An attacker in close proximity could exploit this vulnerability by capturing Wi-Fi traffic of Airveda-AP.\n\nSuccessful exploitation of this vulnerability could allow the attacker to cause Evil Twin attack on the targeted system."}, {"lang": "es", "value": "Esta vulnerabilidad existe en Airveda Air Quality Monitor PM2.5 PM10 debido a la transmisi\u00f3n de informaci\u00f3n confidencial en texto plano durante el modo de emparejamiento AP. Un atacante que se encuentre cerca podr\u00eda aprovechar esta vulnerabilidad capturando el tr\u00e1fico Wi-Fi de Airveda-AP. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir al atacante provocar un ataque Evil Twin en el sistema objetivo."}], "lastModified": "2024-08-13T16:06:08.213", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:airveda:pm2.5_pm10_monitor_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97E9A41C-8043-4A2F-8FDD-E61150D06813", "versionEndExcluding": "7.4.4.39"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:airveda:pm2.5_pm10_monitor:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0E792875-205F-4485-8FFA-30A5D1A376B0"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "vdisclose@cert-in.org.in"}