Owllabs Meeting Owl Pro Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Owllabs Meeting Owl Pro Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2022-31462 — CVSS 9.3 (critical): Owl Labs Meeting Owl 5.2.0.15 allows attackers to control the device via a backdoor password (derived from the serial number) that can be…
CVE-2022-31463 — CVSS 8.2 (high): Owl Labs Meeting Owl 5.2.0.15 does not require a password for Bluetooth commands, because only client-side authentication is used.
CVE-2022-31459 — CVSS 7.4 (high): Owl Labs Meeting Owl 5.2.0.15 allows attackers to retrieve the passcode hash via a certain c 10 value over Bluetooth.
CVE-2022-31460 — CVSS 7.4 (high): Owl Labs Meeting Owl 5.2.0.15 allows attackers to activate Tethering Mode with hard-coded hoothoot credentials via a certain c 150 value.
CVE-2022-31461 — CVSS 7.4 (high): Owl Labs Meeting Owl 5.2.0.15 allows attackers to deactivate the passcode protection mechanism via a certain c 11 message.