Filtered by vendor Meatmeet
Subscriptions
Filtered by product Meatmeet
Subscriptions
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-65825 | 1 Meatmeet | 1 Meatmeet | 2025-12-11 | 4.6 Medium |
| The firmware on the basestation of the Meatmeet is not encrypted. An adversary with physical access to the Meatmeet device can disassemble the device, connect over UART, and retrieve the firmware dump for analysis. Within the NVS partition they may discover the credentials of the current and previous Wi-Fi networks. This information could be used to gain unauthorized access to the victim's Wi-Fi network. | ||||
| CVE-2025-65820 | 2 Google, Meatmeet | 2 Android, Meatmeet | 2025-12-11 | 9.8 Critical |
| An issue was discovered in Meatmeet Android Mobile Application 1.1.2.0. An exported activity can be spawned with the mobile application which opens a hidden page. This page, which is not available through the normal flows of the application, contains several devices which can be added to your account, two of which have not been publicly released. As a result of this vulnerability, the attacker can gain insight into unreleased Meatmeet devices. | ||||
| CVE-2025-65824 | 1 Meatmeet | 1 Meatmeet | 2025-12-11 | 8.8 High |
| An unauthenticated attacker within proximity of the Meatmeet device can perform an unauthorized Over The Air (OTA) firmware upgrade using Bluetooth Low Energy (BLE), resulting in the firmware on the device being overwritten with the attacker's code. As the device does not perform checks on upgrades, this results in Remote Code Execution (RCE) and the victim losing complete access to the Meatmeet. | ||||
| CVE-2025-65832 | 1 Meatmeet | 1 Meatmeet | 2025-12-11 | 4.6 Medium |
| The mobile application insecurely handles information stored within memory. By performing a memory dump on the application after a user has logged out and terminated it, Wi-Fi credentials sent during the pairing process, JWTs used for authentication, and other sensitive details can be retrieved. As a result, an attacker with physical access to the device of a victim can retrieve this information and gain unauthorized access to their home Wi-Fi network and Meatmeet account. | ||||
Page 1 of 1.