// For flags

CVE-2024-7408

Information Disclosure Vulnerability in Airveda Air Quality Monitor

Severity Score

8.6
*CVSS v4

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

This vulnerability exists in Airveda Air Quality Monitor PM2.5 PM10 due to transmission of sensitive information in plain text during AP pairing mode. An attacker in close proximity could exploit this vulnerability by capturing Wi-Fi traffic of Airveda-AP.

Successful exploitation of this vulnerability could allow the attacker to cause Evil Twin attack on the targeted system.

*Credits: This vulnerability is reported by Anand Agrawal and Dr. Rajib Ranjan Maiti from BITS-Pilani, Hyderabad Campus
CVSS Scores
Attack Vector
Adjacent
Attack Complexity
Low
Attack Requirements
None
Privileges Required
None
User Interaction
None
System
Vulnerable | Subsequent
Confidentiality
High
High
Integrity
None
High
Availability
High
High
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-08-02 CVE Reserved
  • 2024-08-09 CVE Published
  • 2024-08-12 CVE Updated
  • 2024-08-14 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-319: Cleartext Transmission of Sensitive Information
CAPEC
  • CAPEC-65: Sniff Application Code
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Airveda
Search vendor "Airveda"
 Air Quality Monitor PM2.5 PM10
Search vendor "Airveda" for product "Air Quality Monitor PM2.5 PM10"
 < 7.4.4.39
Search vendor "Airveda" for product "Air Quality Monitor PM2.5 PM10" and version " < 7.4.4.39"
en
Affected