CVE-2025-6521
TrendMakers Sight Bulb Pro Use of a Broken or Risky Cryptographic Algorithm
During the initial setup of the device the user connects to an access
point broadcast by the Sight Bulb Pro. During the negotiation, AES
Encryption keys are passed in cleartext. If captured, an attacker may be
able to decrypt communications between the management app and the Sight
Bulb Pro which may include sensitive information such as network
credentials.
CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
Produtos afetados
TrendMakers · Sight Bulb Pro Firmware ZJ_CG32-2201Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →