CVE-2024-7408

MEDIUM

Airveda Pm2.5 Pm10 Monitor Firmware - Cleartext Transmission

Title source: rule

Description

This vulnerability exists in Airveda Air Quality Monitor PM2.5 PM10 due to transmission of sensitive information in plain text during AP pairing mode. An attacker in close proximity could exploit this vulnerability by capturing Wi-Fi traffic of Airveda-AP. Successful exploitation of this vulnerability could allow the attacker to cause Evil Twin attack on the targeted system.

References (1)

[Third Party Advisory] https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0233

Scores

CVSS v3 6.5

EPSS 0.0005

EPSS Percentile 15.6%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-319

Status published

Products (1)

airveda/pm2.5_pm10_monitor_firmware < 7.4.4.39

Published Aug 12, 2024

Tracked Since Feb 18, 2026