Threat actors have already started exploiting a severe vulnerability that Owl Labs addressed in its video conferencing devices earlier this week.
Tracked as CVE-2022-31460 (CVSS score of 7.4), the security bug can be exploited to turn a vulnerable device into a rogue access point to the Wi-Fi network it is connected to.
Impacting Owl Labs’ Meeting Owl Pro and Whiteboard Owl devices, the issue exists because, when in access point (AP) mode, the devices do not disconnect from the Wi-Fi network, but instead start routing all traffic to the network.
The bug was discovered by security researchers with Modzero, who also found that the video conferencing devices create their AP with the hardcoded passcode “hoothoot,” and that the vulnerability can be exploited by an attacker within Bluetooth range without authentication.
On Wednesday, the US Cybersecurity and Infrastructure Security Agency (CISA) warned organizations that the vulnerability is already being exploited in the wild, while also adding the bug to its Known Exploited Vulnerabilities (KEV) catalog.
“Owl Labs Meeting Owl and Whiteboard Owl allow attackers to activate Tethering Mode with hard-coded hoothoot credentials via a certain c 150 value,” CISA warns.
While there do not appear to be any public reports describing such attacks, CISA clarified this week that it only adds vulnerabilities to its KEV catalog if it has reliable information about malicious exploitation. The agency has not shared any information about the attacks.
Patches that Owl Labs started rolling out this week disable the routing of network traffic when Meeting Owl Pro and Whiteboard Owl devices are in Wi-Fi AP tethering mode, which essentially prevents their use as rogue APs.
Modzero warned of four other vulnerabilities in Owl Labs’ devices, but these remain unpatched. The vendor said that the fix for CVE-2022-31460 should prevent exploitation attempts, but also confirmed that future updates would be addressing all issues.
The owners of Meeting Owl Pro and Whiteboard Owl video conferencing devices are advised to update to firmware version 5.4.1.4 as soon as possible. CISA has instructed federal agencies to address the vulnerability by June 22.
Related: CISA Clarifies Criteria for Adding Vulnerabilities to ‘Must Patch’ List
Related: Technical Details Released for Recently Patched Zyxel Firewall Vulnerabilities
Related: CISA Warns of Critical Vulnerabilities in Illumina Genetic Analysis Devices