Security Experts:

Connect with us

Hi, what are you looking for?



Threat Actors Start Exploiting Meeting Owl Pro Vulnerability Days After Disclosure

Threat actors have already started exploiting a severe vulnerability that Owl Labs addressed in its video conferencing devices earlier this week.

Threat actors have already started exploiting a severe vulnerability that Owl Labs addressed in its video conferencing devices earlier this week.

Tracked as CVE-2022-31460 (CVSS score of 7.4), the security bug can be exploited to turn a vulnerable device into a rogue access point to the Wi-Fi network it is connected to.

Impacting Owl Labs’ Meeting Owl Pro and Whiteboard Owl devices, the issue exists because, when in access point (AP) mode, the devices do not disconnect from the Wi-Fi network, but instead start routing all traffic to the network.

The bug was discovered by security researchers with Modzero, who also found that the video conferencing devices create their AP with the hardcoded passcode “hoothoot,” and that the vulnerability can be exploited by an attacker within Bluetooth range without authentication.

On Wednesday, the US Cybersecurity and Infrastructure Security Agency (CISA) warned organizations that the vulnerability is already being exploited in the wild, while also adding the bug to its Known Exploited Vulnerabilities (KEV) catalog.

“Owl Labs Meeting Owl and Whiteboard Owl allow attackers to activate Tethering Mode with hard-coded hoothoot credentials via a certain c 150 value,” CISA warns.

While there do not appear to be any public reports describing such attacks, CISA clarified this week that it only adds vulnerabilities to its KEV catalog if it has reliable information about malicious exploitation. The agency has not shared any information about the attacks.

Patches that Owl Labs started rolling out this week disable the routing of network traffic when Meeting Owl Pro and Whiteboard Owl devices are in Wi-Fi AP tethering mode, which essentially prevents their use as rogue APs.

Modzero warned of four other vulnerabilities in Owl Labs’ devices, but these remain unpatched. The vendor said that the fix for CVE-2022-31460 should prevent exploitation attempts, but also confirmed that future updates would be addressing all issues.

The owners of Meeting Owl Pro and Whiteboard Owl video conferencing devices are advised to update to firmware version as soon as possible. CISA has instructed federal agencies to address the vulnerability by June 22.

Related: CISA Clarifies Criteria for Adding Vulnerabilities to ‘Must Patch’ List

Related: Technical Details Released for Recently Patched Zyxel Firewall Vulnerabilities

Related: CISA Warns of Critical Vulnerabilities in Illumina Genetic Analysis Devices

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.