How severe is CVE-2023-37822?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.2 out of 10.

What type of vulnerability is CVE-2023-37822?

This is classified as CWE-331, which is a common weakness in software security.

CVE-2023-37822 - HIGH Severity | CVSS 8.2

Vulnerability Description

The Eufy Homebase 2 before firmware version 3.3.4.1h creates a dedicated wireless network for its ecosystem, which serves as a proxy to the end user's primary network. The WPA2-PSK generation of this dedicated network is flawed and solely based on the serial number. Due to the flawed generation process, the WPA2-PSK can be brute forced offline within seconds. This vulnerability allows an attacker in proximity to the dedicated wireless network to gain unauthorized access to the end user's primary network. The only requirement of the attack is proximity to the dedicated wireless network.

Related Vulnerabilities

CVE-2014-8422

HIGH

CVSS:8.1(High)

The web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 generates session cookies with insufficient entropy, which makes ...

CWE-3312014

CVE-2017-13992

HIGH

CVSS:8.1(High)

An Insufficient Entropy issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The application does not utilize sufficiently random number generation for the web interface authentication mec...

CWE-3312017

CVE-2020-1773

HIGH

CVSS:8.1(High)

An attacker with the ability to generate session IDs or password reset tokens, either by being able to authenticate or by exploiting OSA-2020-09, may be able to predict other users session IDs, passwo...

CWE-3312020

CVE-2024-6508

HIGH

CVSS:8.0(High)

An insufficient entropy vulnerability was found in the Openshift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery (CSR...

CWE-3312024

CVE-2022-37401

HIGH

CVSS:8.8(High)

Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw i...

CWE-3312022

CVE-2001-0950

HIGH

CVSS:7.5(High)

ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 uses insufficiently random data to (1) generate session tokens for HSMs using the C rand function, or (2) generat...

CWE-3312001