Byte Open Security

(ByteOS Network)

NVD Vulnerability Details: CVE-2020-28952
Status: Analyzed
Source: cve@mitre.org
Published At: 09 Mar, 2021 | 20:15
Updated At: 17 Mar, 2021 | 18:28

An issue was discovered on Athom Homey and Homey Pro devices before 5.0.0. ZigBee hub devices should generate a unique Standard Network Key that is then exchanged with all enrolled devices so that all inter-device communication is encrypted. However, the cited Athom products use another widely known key that is designed for testing purposes: "01030507090b0d0f00020406080a0c0d" (the decimal equivalent of 1 3 5 7 9 11 13 15 0 2 4 6 8 10 12 13), which is human generated and static across all issued devices.

CISA Catalog

| Date Added | Due Date | Vulnerability Name | Required Action |
|---|---|---|---|
| N/A | | | |

Metrics

| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Primary | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| Primary | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |

CPE Matches

| Vendor | Product | Versions | CPE |
|---|---|---|---|
| homey | homey_firmware | Versions before 5.0.0 (exclusive) | cpe:2.3:o:homey:homey_firmware:*:*:*:*:*:*:*:* |
| homey | homey | - | cpe:2.3:h:homey:homey:-:*:*:*:*:*:*:* |
| homey | homey_pro_firmware | Versions before 5.0.0 (exclusive) | cpe:2.3:o:homey:homey_pro_firmware:*:*:*:*:*:*:*:* |
| homey | homey_pro | - | cpe:2.3:h:homey:homey_pro:-:*:*:*:*:*:*:* |

Weaknesses

| CWE ID | Type | Source |
|---|---|---|
| CWE-798 | Primary | nvd@nist.gov |

References

| Hyperlink | Source | Resource |
|---|---|---|
| https://developer.athom.com/firmware | cve@mitre.org | Release Notes, Vendor Advisory |
| https://homey.app/en-us/ | cve@mitre.org | Product, Vendor Advisory |
| https://yougottahackthat.com/blog/1260/athom-homey-security-static-and-well-known-keys-cve-2020-28952 | cve@mitre.org | Third Party Advisory |

Change History
0 changes found