Vulnerabilities > CVE-2021-27953 - NULL Pointer Dereference vulnerability in Ecobee Ecobee3 Lite Firmware 4.5.81.200

CVSS 7.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

network

low complexity

ecobee

CWE-476

NVD

Published: 2021-08-03

Updated: 2021-08-11

Summary

A NULL pointer dereference vulnerability exists on the ecobee3 lite 4.5.81.200 device in the HomeKit Wireless Access Control setup process. A threat actor can exploit this vulnerability to cause a denial of service, forcing the device to reboot via a crafted HTTP request.

Vulnerable Configurations

Part	Description	Count
OS	Ecobee Ecobee Ecobee3 Lite Firmware 4.5.81.200	1
Hardware	Ecobee Ecobee Ecobee3 Lite -	1

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://www.l9group.com/advisories/remote-denial-of-service-of-ecobee3-lite