The Meatmeet Pro was found to be shipped with hardcoded Wi-Fi credentials in the firmware, for the test network it was developed on. If an attacker retrieved this, and found the physical location of the Wi-Fi network, they could gain unauthorized access to the Wi-Fi network of the vendor. Additionally, if an attacker were located in close physical proximity to the device when it was first set up, they may be able to force the device to auto-connect to an attacker-controlled access point by setting the SSID and password to the same as which was found in the firmware file.
Hardcoded login credentials (SSID and password) to the Wi-Fi network used during device manufacturing were discovered in the Meatmeet Pro firmware. An attacker who obtains the firmware file and physically locates the manufacturer's Wi-Fi network can gain unauthorized access to it. Additionally, an attacker in physical proximity to the device at the moment of its initial configuration can set up their own access point with an identical SSID and password — the device will then automatically connect to the attacker's network instead of the manufacturer's network.
An attacker can gain unauthorized access to the manufacturer's Wi-Fi network or conduct an evil twin attack, forcing the device to connect to an access point controlled by the attacker, which may lead to interception of device communications.
Patches available from the manufacturer should be applied according to references. As an interim risk mitigation measure, it is recommended to isolate the Wi-Fi network to which the device is connected and monitor unauthorized connections. The manufacturer should release updated firmware with hardcoded credentials removed.
Meatmeet Pro Wifi & Bluetooth Meat Thermometer and associated firmware — specific firmware versions indicated in the manufacturer's references
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HMeatmeet Pro Wifi \& Bluetooth Meat Thermometer
HWMeatmeetwszystkie wersjeMeatmeet Pro Wifi \& Bluetooth Meat Thermometer Firmware
OSMeatmeet1.0.34.4
Related vulnerabilities
As UART download mode is still enabled on the ESP32 chip on which the firmware runs, an adversary can dump the...
An unauthenticated attacker within proximity of the Meatmeet device can perform an unauthorized Over The Air (...
The ESP32 system on a chip (SoC) that powers the Meatmeet Pro was found to have JTAG enabled. By leaving JTAG ...
The firmware on the basestation of the Meatmeet is not encrypted. An adversary with physical access to the Mea...
An unauthenticated attacker within proximity of the Meatmeet device can issue several commands over Bluetooth ...