Skip to main content

Ecobee3 Lite Firmware

3 CVEs product

Monthly

CVE-2021-27954 HIGH POC This Week

A heap-based buffer overflow vulnerability exists on the ecobee3 lite 4.5.81.200 device in the HKProcessConfig function of the HomeKit Wireless Access Control setup process. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Ecobee3 Lite Firmware
NVD
CVSS 3.1
8.2
EPSS
0.9%
CVE-2021-27953 HIGH POC This Week

A NULL pointer dereference vulnerability exists on the ecobee3 lite 4.5.81.200 device in the HomeKit Wireless Access Control setup process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ecobee3 Lite Firmware
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-27952 CRITICAL POC Act Now

Hardcoded default root credentials exist on the ecobee3 lite 4.5.81.200 device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ecobee3 Lite Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
EPSS 1% CVSS 8.2
HIGH POC This Week

A heap-based buffer overflow vulnerability exists on the ecobee3 lite 4.5.81.200 device in the HKProcessConfig function of the HomeKit Wireless Access Control setup process. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption +1
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

A NULL pointer dereference vulnerability exists on the ecobee3 lite 4.5.81.200 device in the HomeKit Wireless Access Control setup process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ecobee3 Lite Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Hardcoded default root credentials exist on the ecobee3 lite 4.5.81.200 device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ecobee3 Lite Firmware
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy