First published: Mon Sep 18 2023
Last modified: Mon Sep 18 2023
Exploited: Yes
Owl Labs Meeting Owl contains a use of hard-coded credentials vulnerability that allows an attacker to control the device via a backdoor password (derived from the serial number) that can be found in Bluetooth broadcast data.
The Owl Labs Meeting Owl use of hard-coded credentials vulnerability is tracked as CVE-2022-31462.
The vulnerability allows an attacker to control the device via a backdoor password derived from the serial number, which is found in Bluetooth broadcast data.
An attacker can exploit the vulnerability by using the backdoor password derived from the serial number to gain unauthorized control over the device.
A fix for the vulnerability should be provided by Owl Labs. Refer to the vendor's official update for more information.
You can find more information about the vulnerability in the official update provided by Owl Labs.