cvebase

Meatmeet Pro Wifi Bluetooth Meat Thermometer Firmware vulnerabilities

7 known vulnerabilities affecting meatmeet/meatmeet_pro_wifi_bluetooth_meat_thermometer_firmware.

Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 2, MEDIUM 4

Vulnerabilities

CVE-2025-65823 | P2 | CRITICAL | CVSS 9.8 | v1.0.34.4 | 2025-12-10
CWE-798: The Meatmeet Pro was found to be shipped with hardcoded Wi-Fi credentials in the firmware, for the test network it was developed on. If an attacker retrieved this, and found the physical location of the Wi-Fi network, they could gain unauthorized access to the Wi-Fi network of the vendor. Additionally, if an attacker were located in close physical
Source: nvd

CVE-2025-65824 | P3 | HIGH | CVSS 8.8 | v1.0.34.4 | 2025-12-10
CWE-306: An unauthenticated attacker within proximity of the Meatmeet device can perform an unauthorized Over The Air (OTA) firmware upgrade using Bluetooth Low Energy (BLE), resulting in the firmware on the device being overwritten with the attacker's code. As the device does not perform checks on upgrades, this results in Remote Code Execution (RCE) and the
Source: nvd

CVE-2025-65821 | P3 | HIGH | CVSS 7.5 | v1.0.34.4 | 2025-12-10
CWE-1191: As UART download mode is still enabled on the ESP32 chip on which the firmware runs, an adversary can dump the flash from the device and retrieve sensitive information such as details about the current and previous Wi-Fi network from the NVS partition. Additionally, this allows the adversary to reflash the device with their own firmware which may con
Source: nvd

CVE-2025-65822 | P3 | MEDIUM | CVSS 6.8 | v1.0.34.4 | 2025-12-10
CWE-1191: The ESP32 system on a chip (SoC) that powers the Meatmeet Pro was found to have JTAG enabled. By leaving JTAG enabled on an ESP32 in a commercial product an attacker with physical access to the device can connect over this port and reflash the device's firmware with malicious code which will be executed upon running. As a result, the victim will lo
Source: nvd

CVE-2025-65829 | P4 | MEDIUM | CVSS 6.8 | v1.0.34.4 | 2025-12-10
CWE-94: The ESP32 system on a chip (SoC) that powers the Meatmeet basestation device was found to lack Secure Boot. The Secure Boot feature ensures that only authenticated software can execute on the device. The Secure Boot process forms a chain of trust by verifying all mutable software entities involved in the Application Startup Flow. As a result, an atta
Source: nvd

CVE-2025-65828 | P4 | MEDIUM | CVSS 6.5 | v1.0.34.4 | 2025-12-10
CWE-306: An unauthenticated attacker within proximity of the Meatmeet device can issue several commands over Bluetooth Low Energy (BLE) to these devices which would result in a Denial of Service. These commands include: shutdown, restart, clear config. Clear config would disassociate the current device from its user and would require re-configuration to re-en
Source: nvd

CVE-2025-65825 | P4 | MEDIUM | CVSS 4.6 | v1.0.34.4 | 2025-12-10
CWE-311: The firmware on the basestation of the Meatmeet is not encrypted. An adversary with physical access to the Meatmeet device can disassemble the device, connect over UART, and retrieve the firmware dump for analysis. Within the NVS partition they may discover the credentials of the current and previous Wi-Fi networks. This information could be used to
Source: nvd