{"uuid": "4dfaec70-0fde-4cae-92d4-d9ae3f340467", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46889", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18617", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-46889\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Meross MSH30Q 4.5.23 is vulnerable to Cleartext Transmission of Sensitive Information. During the device setup phase, the MSH30Q creates an unprotected Wi-Fi access point. In this phase, MSH30Q needs to connect to the Internet through a Wi-Fi router. This is why MSH30Q asks for the Wi-Fi network name (SSID) and the Wi-Fi network password. When the user enters the password, the transmission of the Wi-Fi password and name between the MSH30Q and mobile application is observed in the Wi-Fi network. Although the Wi-Fi password is encrypted, a part of the decryption algorithm is public so we complemented the missing parts to decrypt it.\n\ud83d\udccf Published: 2024-01-23T00:00:00.000Z\n\ud83d\udccf Modified: 2025-06-17T16:11:54.038Z\n\ud83d\udd17 References:\n1. https://www.kth.se/cs/nse/research/software-systems-architecture-and-security/projects/ethical-hacking-1.1279219", "creation_timestamp": "2025-06-17T16:41:11.000000Z"}