Vulnerabilities > Ecobee

DATE CVE VULNERABILITY TITLE RISK
2021-08-03 CVE-2021-27952 Use of Hard-coded Credentials vulnerability in Ecobee Ecobee3 Lite Firmware 4.5.81.200
Hardcoded default root credentials exist on the ecobee3 lite 4.5.81.200 device.
network
low complexity
ecobee CWE-798
5.0
2021-08-03 CVE-2021-27953 NULL Pointer Dereference vulnerability in Ecobee Ecobee3 Lite Firmware 4.5.81.200
A NULL pointer dereference vulnerability exists on the ecobee3 lite 4.5.81.200 device in the HomeKit Wireless Access Control setup process.
network
low complexity
ecobee CWE-476
7.8
2021-08-03 CVE-2021-27954 Out-of-bounds Write vulnerability in Ecobee Ecobee3 Lite Firmware 4.5.81.200
A heap-based buffer overflow vulnerability exists on the ecobee3 lite 4.5.81.200 device in the HKProcessConfig function of the HomeKit Wireless Access Control setup process.
network
low complexity
ecobee CWE-787
6.4
2020-04-14 CVE-2018-6402 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Ecobee Ecobee4 Firmware 4.2.0.171
Ecobee Ecobee4 4.2.0.171 devices can be forced to deauthenticate and connect to an unencrypted Wi-Fi network with the same SSID, even if the device settings specify use of encryption such as WPA2, as long as the competing network has a stronger signal.
2.9