<--

Credentials for connecting to the MQTT server hardcoded inside the firmware

Aleph Research Advisory

Identifier

Severity

Critical

Product

Electra Central AC

Vulnerable Versions

  1. Electra Central AC Smart WiFi Controller v4

  2. Electra Central AC Smart WiFi Controller v5

Technical Details

The connection to the MQTT server used to control the AC over the Internet uses a password that is hardcoded into the firmware (i.e., it’s shared between all the units and can be easily obtained).

On top of that, the firmware on these versions (v4/v5) of the units is not updateable, so changing the password on the server without breaking functionality is not possible.

Timeline

  • 12-Mar-23
    : Public disclosure.
  • 12-Mar-23
    : CVE-2023-24501 assigned.
  • 30-Oct-22
    : Reported.

Posts

Credit