
Attacker within WiFi range can cause unconfigured units to connect to a malicious update server

Aleph Research Advisory

Identifier

CVE-2023-24504

Severity

High

Product

Electra Central AC

Vulnerable Versions

  1. Electra Central AC Smart WiFi Controller v7

  2. Electra Central AC Smart WiFi Controller v8

Technical Details

An attacker located within WiFi range of an unconfigured unit (i.e., one not yet connected to the cloud) can communicate with the unit and cause it to join a malicious WiFi network, which redirects the unit to a malicious update server upon boot.

The malicious update server can be used to return arbitrary firmware that will be flashed onto the device.
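The chain above ends with the device flashing whatever the update server returns. The following is an added example, not code from Electra or Aleph Research, of the checks an over-the-air update client performs before flashing so that a server reached over an attacker-controlled network cannot supply arbitrary firmware: pin the update host and require TLS, authenticate the manifest, bind it to the downloaded image by digest, and refuse rollback. The device key, manifest layout, host name and version numbers are constructed for the illustration; HMAC-SHA256 stands in for the asymmetric signature a real product would use, so the block runs with the standard library only.

```python
"""Update-client checks before flashing (added example; all values constructed).

HMAC-SHA256 stands in for an asymmetric firmware signature so this runs with
the standard library; the verification order is the same either way.
"""
import hashlib
import hmac
import json
from urllib.parse import urlparse

# Constructed: per-device key provisioned at manufacture (hypothetical).
DEVICE_UPDATE_KEY = b"constructed-device-key-do-not-reuse"
# Constructed: the only host the client accepts updates from.
ALLOWED_UPDATE_HOST = "updates.example.invalid"
INSTALLED_VERSION = 8  # constructed: firmware v8 currently installed


class UpdateRejected(Exception):
    """Raised when any check fails; the caller must not flash."""


def check_update_url(url: str) -> None:
    """Refuse plaintext transport and any host other than the pinned one.

    A unit pushed onto an attacker's WiFi can be redirected at the network
    layer, so the server it takes firmware from must be pinned, not trusted
    because DNS or a captive network said so.
    """
    parts = urlparse(url)
    if parts.scheme != "https":
        raise UpdateRejected(f"update URL must use https, got {parts.scheme!r}")
    if parts.hostname != ALLOWED_UPDATE_HOST:
        raise UpdateRejected(f"unexpected update host {parts.hostname!r}")


def sign_manifest(manifest: dict, key: bytes) -> str:
    """Server side: tag a manifest. Canonical JSON so both sides hash the same bytes."""
    body = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def verify_and_accept(manifest: dict, tag: str, image: bytes,
                      key: bytes = DEVICE_UPDATE_KEY,
                      installed_version: int = INSTALLED_VERSION) -> dict:
    """Client side: return the manifest only if every check passes.

    Authenticate the manifest first, so no field of an unauthenticated
    manifest (version, digest, size) influences the later checks.
    """
    if not hmac.compare_digest(sign_manifest(manifest, key), tag):
        raise UpdateRejected("manifest authentication failed")
    # Anti-rollback: a validly signed but old image must not be reinstalled.
    if manifest["version"] <= installed_version:
        raise UpdateRejected(f"version {manifest['version']} is not newer than {installed_version}")
    # Bind the authenticated manifest to the bytes actually downloaded.
    digest = hashlib.sha256(image).hexdigest()
    if not hmac.compare_digest(digest, manifest["sha256"]):
        raise UpdateRejected("firmware image does not match manifest digest")
    if len(image) != manifest["size"]:
        raise UpdateRejected("firmware image size does not match manifest")
    return manifest


def build_sample() -> tuple:
    """Constructed sample: one legitimate signed update and one forged by a server without the key."""
    good_image = b"\x7fFIRMWARE-v9-constructed" * 4
    good_manifest = {"product": "Electra Central AC Smart WiFi Controller",
                     "version": 9, "size": len(good_image),
                     "sha256": hashlib.sha256(good_image).hexdigest()}
    good_tag = sign_manifest(good_manifest, DEVICE_UPDATE_KEY)
    evil_image = b"\x7fEVIL-constructed" * 4
    # The attacker can set version and digest freely but cannot produce a valid tag.
    evil_manifest = dict(good_manifest, version=99, size=len(evil_image),
                         sha256=hashlib.sha256(evil_image).hexdigest())
    evil_tag = sign_manifest(evil_manifest, b"attacker-guess")
    return good_manifest, good_tag, good_image, evil_manifest, evil_tag, evil_image


def run_checks() -> dict:
    """Run the sample through the client and report each outcome by name."""
    gm, gt, gi, em, et, ei = build_sample()
    old = dict(gm, version=8)  # validly signed, but not newer than what is installed
    cases = {"forged_tag": (em, et, ei), "swapped_image": (gm, gt, ei),
             "rollback": (old, sign_manifest(old, DEVICE_UPDATE_KEY), gi)}
    results = {"good": verify_and_accept(gm, gt, gi)["version"]}
    for name, args in cases.items():
        try:
            verify_and_accept(*args)
            results[name] = "accepted"
        except UpdateRejected as e:
            results[name] = f"rejected: {e}"
    for url in ("https://updates.example.invalid/fw/v9.bin",
                "http://updates.example.invalid/fw/v9.bin",
                "https://attacker.example.invalid/fw/v9.bin"):
        try:
            check_update_url(url)
            results[url] = "ok"
        except UpdateRejected as e:
            results[url] = f"rejected: {e}"
    return results


if __name__ == "__main__":
    for name, outcome in run_checks().items():
        print(f"{name}: {outcome}")
```

The ordering in `verify_and_accept` is the point of the example: with the manifest authenticated before its fields are read, a server that cannot produce a valid tag gets no say over version, size or digest, and the digest check then ties that authenticated manifest to the exact bytes about to be written to flash.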

Timeline

  • 12-Mar-23: Public disclosure.
  • 12-Mar-23: CVE-2023-24504 assigned.
  • 30-Oct-22: Reported.
