Virtual Event Today: Supply Chain Security Summit - Join Event In-Progress

Security Experts:

Connect with us

Hi, what are you looking for?



Threat Actors Start Exploiting Meeting Owl Pro Vulnerability Days After Disclosure

Threat actors have already started exploiting a severe vulnerability that Owl Labs addressed in its video conferencing devices earlier this week.

Threat actors have already started exploiting a severe vulnerability that Owl Labs addressed in its video conferencing devices earlier this week.

Tracked as CVE-2022-31460 (CVSS score of 7.4), the security bug can be exploited to turn a vulnerable device into a rogue access point to the Wi-Fi network it is connected to.

Impacting Owl Labs’ Meeting Owl Pro and Whiteboard Owl devices, the issue exists because, when in access point (AP) mode, the devices do not disconnect from the Wi-Fi network, but instead start routing all traffic to the network.

The bug was discovered by security researchers with Modzero, who also found that the video conferencing devices create their AP with the hardcoded passcode “hoothoot,” and that the vulnerability can be exploited by an attacker within Bluetooth range without authentication.

On Wednesday, the US Cybersecurity and Infrastructure Security Agency (CISA) warned organizations that the vulnerability is already being exploited in the wild, while also adding the bug to its Known Exploited Vulnerabilities (KEV) catalog.

“Owl Labs Meeting Owl and Whiteboard Owl allow attackers to activate Tethering Mode with hard-coded hoothoot credentials via a certain c 150 value,” CISA warns.

While there do not appear to be any public reports describing such attacks, CISA clarified this week that it only adds vulnerabilities to its KEV catalog if it has reliable information about malicious exploitation. The agency has not shared any information about the attacks.

Patches that Owl Labs started rolling out this week disable the routing of network traffic when Meeting Owl Pro and Whiteboard Owl devices are in Wi-Fi AP tethering mode, which essentially prevents their use as rogue APs.

Modzero warned of four other vulnerabilities in Owl Labs’ devices, but these remain unpatched. The vendor said that the fix for CVE-2022-31460 should prevent exploitation attempts, but also confirmed that future updates would be addressing all issues.

The owners of Meeting Owl Pro and Whiteboard Owl video conferencing devices are advised to update to firmware version as soon as possible. CISA has instructed federal agencies to address the vulnerability by June 22.

Related: CISA Clarifies Criteria for Adding Vulnerabilities to ‘Must Patch’ List

Related: Technical Details Released for Recently Patched Zyxel Firewall Vulnerabilities

Related: CISA Warns of Critical Vulnerabilities in Illumina Genetic Analysis Devices

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...