CVE-2020-9462

MEDIUM Year: 2020
CVSS v3 Score
4.3
Medium
CVSS v2 Score
3.3
Low
Weakness Type
CWE-312
View all →

Vulnerability Description

An issue was discovered in all Athom Homey and Homey Pro devices up to the current version 4.2.0. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup. Upon success, the attacker is able to further infiltrate the target's Wi-Fi networks.

Related Vulnerabilities

CVE-2018-19279

MEDIUM
CVSS:4.3(Medium)

PRIMX ZoneCentral before 6.1.2236 on Windows sometimes leaks the plaintext of NTFS files. On non-SSD devices, this is limited to a 5-second window and file sizes less than 600 bytes. The effect on SSD...

CWE-3122018

CVE-2019-10447

MEDIUM
CVSS:4.3(Medium)

Jenkins Sofy.AI Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

CWE-3122019

CVE-2019-10451

MEDIUM
CVSS:4.3(Medium)

Jenkins SOASTA CloudTest Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

CWE-3122019

CVE-2019-10452

MEDIUM
CVSS:4.3(Medium)

Jenkins View26 Test-Reporting Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the mast...

CWE-3122019

CVE-2019-4738

MEDIUM
CVSS:4.3(Medium)

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.1 discloses sensitive information to an authenticated user from the dashboard UI which could be used in f...

CWE-3122019

CVE-2020-15935

MEDIUM
CVSS:4.3(Medium)

A cleartext storage of sensitive information in GUI in FortiADC versions 5.4.3 and below, 6.0.0 and below may allow a remote authenticated attacker to retrieve some sensitive information such as users...

CWE-3122020