Connect with us

Hi, what are you looking for?


Malware & Threats

CISA Says Owl Labs Vulnerabilities Requiring Close Physical Range Exploited in Attacks

CISA says Owl Labs video conferencing device vulnerabilities that require the attacker to be in close range exploited in attacks

Owl Labs vulnerabilities exploited

The US cybersecurity agency CISA says four vulnerabilities found last year in Owl Labs video conferencing devices — flaws that require the attacker to be in close range of the target — have been exploited in attacks. 

CISA on Monday added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog.

Two of the security holes affect Realtek (CVE-2014-8361) and Zyxel (CVE-2017-6884) products and they are known to have been exploited by botnets. Another vulnerability added by CISA to its catalog is CVE-2021-3129, a Laravel vulnerability for which exploitation attempts were first seen in 2021. The fourth is CVE-2022-22265, a Samsung Android vulnerability that Google said had been exploited in the wild since early 2021. 

Threat intelligence firm GreyNoise has confirmed that the Realtek, Zyxel and Laravel vulnerabilities are still being targeted in attacks

The remaining four vulnerabilities added by CISA to its KEV list impact Owl Labs’ Meeting Owl video conferencing product. The device, shaped like an owl, features a 360° conference camera, a mic, and a speaker, and the vendor says it gets smarter over time.

The Meeting Owl vulnerabilities were discovered last year by researchers at Swiss cybersecurity firm Modzero. They include inadequate encryption, missing authentication, hardcoded credentials, and improper authentication issues. 

Exploitation of these flaws can allow an attacker to take control of the targeted Meeting Owl device and turn it into a rogue access point.

However, for each vulnerability, Modzero noted in its technical report that an attacker needs to be in Bluetooth range — and in some cases in Wi-Fi range — of the targeted Meeting Owl device for exploitation. 

Advertisement. Scroll to continue reading.

Owl Labs released patches for the vulnerabilities in the summer of 2022, shortly after the issues were publicly disclosed by Modzero. 

When Modzero published its research, it said five CVE identifiers had been assigned to the discovered vulnerabilities. One of them was added by CISA to its KEV catalog shortly after disclosure and the remaining four were added this week. 

Exploiting vulnerabilities that require the attacker to be in close physical range involves significant preparation. These types of attacks would likely be conducted by a highly motivated and sophisticated attacker as part of an espionage campaign rather than as part of opportunistic operations. 

Owl Labs says more than 150,000 organizations across 156 countries use its technology, including a vast majority of Fortune 100 companies, as well as government organizations and educational institutions. 

There do not appear to be any public reports describing attacks involving exploitation of Owl Labs product vulnerabilities, but CISA clarified in the past that only flaws for which it has reliable evidence of exploitation in the wild are added to its KEV catalog. 

SecurityWeek has reached out to both CISA and Owl Labs for more information. Based on its brief initial response, Owl Labs does not appear to be aware of any attacks. The company is looking into the matter with CISA and waiting to hear back from the agency. 

Related: Regulators Urge Video Conferencing Companies to Improve Security, Privacy

Related: 3CX Confirms Supply Chain Attack as Researchers Uncover Mac Component

Related: Zoom Patches Serious macOS App Vulnerabilities Disclosed at DEF CON 

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Malware & Threats

Threat actors are increasingly abusing Microsoft OneNote documents to deliver malware in both targeted and spray-and-pray campaigns.

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...