Idan Strovinsky
Twitter: @foo
Homepage: http://bar/
GitHub: ghsi10
Keybase: qux
POSTS
Why is it so hot here? Hacking Electra Smart air conditioners for fun and profit
19-Jun 2023
CVE-2023-24500
CVE-2023-24501
CVE-2023-24502
CVE-2023-24503
CVE-2023-24504
CVE-2023-30160
VULNS
03/12/23
CVE-2023-30160
Unauthorized attacker can connect to the MQTT server controlling all of Electra's Smart AC units and gain full control of them
03/12/23
CVE-2023-24504
Attacker within WiFi range can cause unconfigured units to connect to a malicious update server
03/12/23
CVE-2023-24503
Attacker within IR range can install arbitrary firmware over the air
03/12/23
CVE-2023-24502
A WiFi hotspot with a known password is always available on unconfigured units
03/12/23
CVE-2023-24501
Credentials for connecting to the MQTT server hardcoded inside the firmware
03/12/23
CVE-2023-24500
Attacker within WiFi range can install arbitrary firmware over the air on unconfigured units