Vulnerabilities > CVE-2020-7232 - Unspecified vulnerability in Evoko Home 1.31/1.37
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
Evoko Home devices 1.31 through 1.37 allow remote attackers to obtain sensitive information (such as usernames and password hashes) via a WebSocket request, as demonstrated by the sockjs/224/uf1psgff/websocket URI at a wss:// URL.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |