CVE-2020-9462

MEDIUM

Athom Homey and Homey Pro < 4.2.0 - Cleartext Storage of Sensitive Information in Network Configuration

Title source: llm
STIX 2.1

Description

An issue was discovered in all Athom Homey and Homey Pro devices up to the current version 4.2.0. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup. Upon success, the attacker is able to further infiltrate the target's Wi-Fi networks.

References (1)

Core 1
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://developer.athom.com/firmware

Scores

CVSS v3 4.3
EPSS 0.0032
EPSS Percentile 23.3%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-312
Status published
Products (2)
homey/homey_firmware < 4.2.0
homey/homey_pro_firmware < 4.2.0
Published Jun 04, 2020
Tracked Since Feb 18, 2026