CVE-2022-31462

Owl Labs Meeting Owl 5.2.0.15 allows attackers to control the device via a backdoor password (derived from the serial number) that can be found in Bluetooth broadcast data.

Known Exploited Vulnerability

This Owl Labs Meeting Owl Use of Hard-coded Credentials Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Owl Labs Meeting Owl contains a use of hard-coded credentials vulnerability that allows an attacker to control the device via a backdoor password (derived from the serial number) that can be found in Bluetooth broadcast data.

The following remediation steps are recommended / required by October 9, 2023: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

NONE

Scope:

CHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

NONE

Exploit Probability

EPSS

0.17%

Percentile

38.54%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2022-31462Published on June 2, 2022

Known Exploited Vulnerability

Vulnerability Analysis

Exploit Probability

CVE-2022-31462
Published on June 2, 2022