CRITICAL🇵🇱 Wersja polska

CVE-2024-5743

CVSS 9.8v3.1pub. 2025-01-13upd. 2026-04-15

An attacker could exploit the 'Use of Password Hash With Insufficient Computational Effort' vulnerability in EveHome Eve Play to execute arbitrary code. This issue affects Eve Play: through 1.1.42.

🤖 AI Analysis
How it works

The EveHome Eve Play device stores or processes passwords using a hash function with insufficient computational cost (CWE-916), which significantly facilitates their reversal through brute force or dictionary methods. Credentials obtained this way can be used by an attacker to take control of the device and execute arbitrary code (RCE). The vulnerability is accessible remotely over the network and does not require any privileges or user interaction.

Impact

An attacker can gain full control over the EveHome Eve Play device by executing arbitrary code remotely, which threatens the confidentiality, integrity, and availability of the system.

Mitigation & patch

Apply patches available from the manufacturer according to references (https://www.evehome.com/en-us/security-content). It is recommended to immediately update the device firmware to a version higher than 1.1.42 as soon as it is made available by the manufacturer.

Who is affected

EveHome Eve Play in all versions up to and including 1.1.42.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References