CVE Vulnerabilities

CVE-2023-24502

Inadequate Encryption Strength

Published: Apr 17, 2023 | Modified: Apr 27, 2023
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

Electra Central AC unit – The unit opens an AP with an easily calculated password.

Weakness

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

Affected Software

Name Vendor Start Version End Version
Central_ac_unit_firmware Electra-air v4 (including) v4 (including)
Central_ac_unit_firmware Electra-air v5 (including) v5 (including)
Central_ac_unit_firmware Electra-air v7 (including) v7 (including)
Central_ac_unit_firmware Electra-air v8 (including) v8 (including)

Potential Mitigations

References