Security Advisory - Weak Session Key Generation Algorithm

Release Date: Nov 19, 2019

Severity:

Medium

CVSS (Base Score):

4.8 (AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)

Exploitation conditions:

Man-in-the-middle attack between device and server

Threat:

Decryption and modification of transmitted data

Impact Scope:

Products affected by the Bug include:

-The module using the ESP8266 and the version before 5.55.

-The module using the 8710BN, and the version is before 30.08.

Remediation:

-Upgrade ESP8266 baseline to version 5.55 or higher.

-Upgrade 8710BN baseline to version 30.08 or higher.

© 2014-2019 Tuya Inc. All rights reserved.