Connect with us

Hi, what are you looking for?


Malware & Threats

CISA Says Owl Labs Vulnerabilities Requiring Close Physical Range Exploited in Attacks

CISA says Owl Labs video conferencing device vulnerabilities that require the attacker to be in close range exploited in attacks

Video conferencing vulnerabilities

The US cybersecurity agency CISA says four vulnerabilities found last year in Owl Labs video conferencing devices — flaws that require the attacker to be in close range of the target — have been exploited in attacks. 

CISA on Monday added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog.

Two of the security holes affect Realtek (CVE-2014-8361) and Zyxel (CVE-2017-6884) products and they are known to have been exploited by botnets. Another vulnerability added by CISA to its catalog is CVE-2021-3129, a Laravel vulnerability for which exploitation attempts were first seen in 2021. The fourth is CVE-2022-22265, a Samsung Android vulnerability that Google said had been exploited in the wild since early 2021. 

Threat intelligence firm GreyNoise has confirmed that the Realtek, Zyxel and Laravel vulnerabilities are still being targeted in attacks

The remaining four vulnerabilities added by CISA to its KEV list impact Owl Labs’ Meeting Owl video conferencing product. The device, shaped like an owl, features a 360° conference camera, a mic, and a speaker, and the vendor says it gets smarter over time.

The Meeting Owl vulnerabilities were discovered last year by researchers at Swiss cybersecurity firm Modzero. They include inadequate encryption, missing authentication, hardcoded credentials, and improper authentication issues. 

Exploitation of these flaws can allow an attacker to take control of the targeted Meeting Owl device and turn it into a rogue access point.

However, for each vulnerability, Modzero noted in its technical report that an attacker needs to be in Bluetooth range — and in some cases in Wi-Fi range — of the targeted Meeting Owl device for exploitation. 

Owl Labs released patches for the vulnerabilities in the summer of 2022, shortly after the issues were publicly disclosed by Modzero. 

Advertisement. Scroll to continue reading.

When Modzero published its research, it said five CVE identifiers had been assigned to the discovered vulnerabilities. One of them was added by CISA to its KEV catalog shortly after disclosure and the remaining four were added this week. 

Exploiting vulnerabilities that require the attacker to be in close physical range involves significant preparation. These types of attacks would likely be conducted by a highly motivated and sophisticated attacker as part of an espionage campaign rather than as part of opportunistic operations. 

Owl Labs says more than 150,000 organizations across 156 countries use its technology, including a vast majority of Fortune 100 companies, as well as government organizations and educational institutions. 

There do not appear to be any public reports describing attacks involving exploitation of Owl Labs product vulnerabilities, but CISA clarified in the past that only flaws for which it has reliable evidence of exploitation in the wild are added to its KEV catalog. 

SecurityWeek has reached out to both CISA and Owl Labs for more information. Based on its brief initial response, Owl Labs does not appear to be aware of any attacks. The company is looking into the matter with CISA and waiting to hear back from the agency.

UPDATE on 10/06/2023: CISA has decided to remove the Owl Labs CVEs from the KEV catalog.

Related: Regulators Urge Video Conferencing Companies to Improve Security, Privacy

Related: 3CX Confirms Supply Chain Attack as Researchers Uncover Mac Component

Related: Zoom Patches Serious macOS App Vulnerabilities Disclosed at DEF CON 

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Mobile & Wireless

Samsung smartphone users warned about CVE-2023-21492, an ASLR bypass vulnerability exploited in the wild, likely by a spyware vendor.

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.