CVE-2022-31462
Published on June 2, 2022

Owl Labs Meeting Owl 5.2.0.15 allows attackers to control the device via a backdoor password (derived from the serial number) that can be found in Bluetooth broadcast data.

Known Exploited Vulnerability

This vulnerability, listed as "Owl Labs Meeting Owl Use of Hard-coded Credentials Vulnerability", is part of CISA's list of Known Exploited Vulnerabilities. Owl Labs Meeting Owl contains a use of hard-coded credentials vulnerability that allows an attacker to control the device via a backdoor password (derived from the serial number) that can be found in Bluetooth broadcast data.

The following remediation steps are recommended / required by October 9, 2023: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Vulnerability Analysis

Use of Hard-coded Credentials

The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.


What versions are vulnerable to CVE-2022-31462?

Each of the following must match for the vulnerability to exist.