https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Sat, 06 Jun 2026 07:29:12 +0000 https://vulnerability.circl.lu/sighting/e8f5da1b-1f98-457a-a90c-2c2a86fc87f2/export {"uuid": "e8f5da1b-1f98-457a-a90c-2c2a86fc87f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46889", "type": "seen", "source": "https://t.me/ctinow/172317", "content": "https://ift.tt/8OenbjF\nCVE-2023-46889", "creation_timestamp": "2024-01-23T21:26:27.000000Z"} {"uuid": "e8f5da1b-1f98-457a-a90c-2c2a86fc87f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46889", "type": "seen", "source": "https://t.me/ctinow/172317", "content": "https://ift.tt/8OenbjF\nCVE-2023-46889", "creation_timestamp": "2024-01-23T21:26:27.000000Z"} https://vulnerability.circl.lu/sighting/e8f5da1b-1f98-457a-a90c-2c2a86fc87f2/export Tue, 23 Jan 2024 21:26:27 +0000 https://vulnerability.circl.lu/sighting/38a71e26-5687-4733-8391-dfe94d58399f/export {"uuid": "38a71e26-5687-4733-8391-dfe94d58399f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46889", "type": "seen", "source": "https://t.me/ctinow/186928", "content": "https://ift.tt/t9hFpTl\nCVE-2023-46889 | Meross MSH30Q up to 4.5.23 Device Setup cleartext transmission", "creation_timestamp": "2024-02-17T14:06:56.000000Z"} {"uuid": "38a71e26-5687-4733-8391-dfe94d58399f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46889", "type": "seen", "source": "https://t.me/ctinow/186928", "content": "https://ift.tt/t9hFpTl\nCVE-2023-46889 | Meross MSH30Q up to 4.5.23 Device Setup cleartext transmission", "creation_timestamp": "2024-02-17T14:06:56.000000Z"} https://vulnerability.circl.lu/sighting/38a71e26-5687-4733-8391-dfe94d58399f/export Sat, 17 Feb 2024 14:06:56 +0000 https://vulnerability.circl.lu/sighting/4dfaec70-0fde-4cae-92d4-d9ae3f340467/export {"uuid": "4dfaec70-0fde-4cae-92d4-d9ae3f340467", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46889", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18617", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-46889\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Meross MSH30Q 4.5.23 is vulnerable to Cleartext Transmission of Sensitive Information. During the device setup phase, the MSH30Q creates an unprotected Wi-Fi access point. In this phase, MSH30Q needs to connect to the Internet through a Wi-Fi router. This is why MSH30Q asks for the Wi-Fi network name (SSID) and the Wi-Fi network password. When the user enters the password, the transmission of the Wi-Fi password and name between the MSH30Q and mobile application is observed in the Wi-Fi network. Although the Wi-Fi password is encrypted, a part of the decryption algorithm is public so we complemented the missing parts to decrypt it.\n\ud83d\udccf Published: 2024-01-23T00:00:00.000Z\n\ud83d\udccf Modified: 2025-06-17T16:11:54.038Z\n\ud83d\udd17 References:\n1. https://www.kth.se/cs/nse/research/software-systems-architecture-and-security/projects/ethical-hacking-1.1279219", "creation_timestamp": "2025-06-17T16:41:11.000000Z"} {"uuid": "4dfaec70-0fde-4cae-92d4-d9ae3f340467", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46889", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18617", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-46889\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Meross MSH30Q 4.5.23 is vulnerable to Cleartext Transmission of Sensitive Information. During the device setup phase, the MSH30Q creates an unprotected Wi-Fi access point. In this phase, MSH30Q needs to connect to the Internet through a Wi-Fi router. This is why MSH30Q asks for the Wi-Fi network name (SSID) and the Wi-Fi network password. When the user enters the password, the transmission of the Wi-Fi password and name between the MSH30Q and mobile application is observed in the Wi-Fi network. Although the Wi-Fi password is encrypted, a part of the decryption algorithm is public so we complemented the missing parts to decrypt it.\n\ud83d\udccf Published: 2024-01-23T00:00:00.000Z\n\ud83d\udccf Modified: 2025-06-17T16:11:54.038Z\n\ud83d\udd17 References:\n1. https://www.kth.se/cs/nse/research/software-systems-architecture-and-security/projects/ethical-hacking-1.1279219", "creation_timestamp": "2025-06-17T16:41:11.000000Z"} https://vulnerability.circl.lu/sighting/4dfaec70-0fde-4cae-92d4-d9ae3f340467/export Tue, 17 Jun 2025 16:41:11 +0000