How severe is CVE-2020-28952?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2020-28952?

This is classified as CWE-798, which is a common weakness in software security.

CVE-2020-28952 - HIGH Severity | CVSS 7.5

Vulnerability Description

An issue was discovered on Athom Homey and Homey Pro devices before 5.0.0. ZigBee hub devices should generate a unique Standard Network Key that is then exchanged with all enrolled devices so that all inter-device communication is encrypted. However, the cited Athom products use another widely known key that is designed for testing purposes: "01030507090b0d0f00020406080a0c0d" (the decimal equivalent of 1 3 5 7 9 11 13 15 0 2 4 6 8 10 12 13), which is human generated and static across all issued devices.

Related Vulnerabilities

CVE-2005-3716

HIGH

CVSS:7.5(High)

The SNMP daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2.6 has hard-coded public credentials that cannot be changed, which allows attackers to obtain sensitive ...

CWE-7982005

CVE-2005-3803

HIGH

CVSS:7.5(High)

Cisco IP Phone (VoIP) 7920 1.0(8) contains certain hard-coded ("fixed") public and private SNMP community strings that cannot be changed, which allows remote attackers to obtain sensitive information.

CWE-7982005

CVE-2010-2073

HIGH

CVSS:7.5(High)

auth_db_config.py in Pyftpd 0.8.4 contains hard-coded usernames and passwords for the (1) test, (2) user, and (3) roxon accounts, which allows remote attackers to read arbitrary files from the FTP ser...

CWE-7982010

CVE-2013-1352

HIGH

CVSS:7.5(High)

Verax NMS prior to 2.1.0 uses an encryption key that is hardcoded in a JAR archive.

CWE-7982013

CVE-2013-2567

HIGH

CVSS:7.5(High)

An Authentication Bypass vulnerability exists in the web interface in Zavio IP Cameras through 1.6.03 due to a hardcoded admin account found in boa.conf, which lets a remote malicious user obtain sens...

CWE-7982013

CVE-2013-2572

HIGH

CVSS:7.5(High)

A Security Bypass vulnerability exists in TP-LINK IP Cameras TL-SC 3130, TL-SC 3130G, 3171G, 4171G, and 3130 1.6.18P12 due to default hard-coded credentials for the administrative Web interface, which...

CWE-7982013