Ecobee Ecobee3 Lite Firmware vulnerabilities
3 known vulnerabilities affecting ecobee/ecobee3_lite_firmware.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 2
Vulnerabilities
CVE-2021-27952 | P2 | CRITICAL | CVSS 9.8 | v4.5.81.200 | 2021-08-03 | CWE-798
Hardcoded default root credentials exist on the ecobee3 lite 4.5.81.200 device. This allows a threat actor to gain access to the password-protected bootloader environment through the serial console.
nvd
CVE-2021-27954 | P3 | HIGH | CVSS 8.2 | v4.5.81.200 | 2021-08-03 | CWE-787
A heap-based buffer overflow vulnerability exists on the ecobee3 lite 4.5.81.200 device in the HKProcessConfig function of the HomeKit Wireless Access Control setup process. A threat actor can exploit this vulnerability to force the device to connect to a SSID or cause a denial of service.
nvd
CVE-2021-27953 | P3 | HIGH | CVSS 7.5 | v4.5.81.200 | 2021-08-03 | CWE-476
A NULL pointer dereference vulnerability exists on the ecobee3 lite 4.5.81.200 device in the HomeKit Wireless Access Control setup process. A threat actor can exploit this vulnerability to cause a denial of service, forcing the device to reboot via a crafted HTTP request.
nvd