EKEN Video Doorbell T6 Wi-Fi Credential Leakage to Cloud Servers

Vulnerability

A vulnerability exists in the EKEN video doorbell model T6, running the firmware version BT60PLUS_MAIN_V1.0_GC1084_20230531. The device periodically transmits debug logs to EKEN cloud servers via clear-text HTTP. These logs include sensitive information such as the Wi-Fi SSID and password. The vulnerability arises from the unencrypted transmission of personal data, which could be intercepted by an attacker monitoring the network traffic.
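A defender-side check for the behaviour described above, as an added example that is not from the advisory or from EKEN: given one reassembled clear-text HTTP request captured from the doorbell's traffic, it reports whether your own network's SSID or password appears in it. The advisory does not publish the log format or the server name, so the sample request, the host logs.example.invalid and the credentials below are constructed.

```python
import base64
from urllib.parse import quote

def encoded_forms(secret: str) -> dict:
    """Map each byte form a secret may take in a payload to a label."""
    raw = secret.encode()
    candidates = (
        ("plain", raw),
        ("url-encoded", quote(secret, safe="").encode()),
        ("hex", raw.hex().encode()),
        ("base64", base64.b64encode(raw)),  # only if encoded on its own
    )
    forms = {}
    for label, form in candidates:
        forms.setdefault(form, label)  # identical forms keep first label
    return forms

def find_credential_leaks(request: bytes, secrets: dict) -> list:
    """Return (host, secret name, encoding, location) tuples for every
    secret found in one reassembled clear-text HTTP request."""
    head, _, body = request.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    host = "unknown"
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            host = value.strip().decode(errors="replace")
    findings = []
    for location, data in (("request-line", lines[0]), ("body", body)):
        for secret_name, secret in secrets.items():
            for form, label in encoded_forms(secret).items():
                # Hex dumps may be upper case, so compare case-insensitively.
                haystack = data.lower() if label == "hex" else data
                if form in haystack:
                    findings.append((host, secret_name, label, location))
    return findings

# Constructed sample: the log format, host and credentials are hypothetical.
SAMPLE_REQUEST = (
    b"POST /upload/log HTTP/1.1\r\n"
    b"Host: logs.example.invalid\r\n"
    b"Content-Type: text/plain\r\n\r\n"
    b"[dbg] wifi connect ssid=HomeNet 5G pwd=correct-horse-42 rssi=-61\n"
)
MY_NETWORK = {"ssid": "HomeNet 5G", "psk": "correct-horse-42"}

if __name__ == "__main__":
    for finding in find_credential_leaks(SAMPLE_REQUEST, MY_NETWORK):
        print("LEAK", *finding)
```

Any finding means the credential crossed the network unencrypted and should be rotated; the doorbell is best kept on an isolated guest or IoT network in the meantime.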

Impact

Exploitation of this vulnerability leads to unauthorized disclosure of Wi-Fi credentials, including the SSID and password, to EKEN cloud servers.

Added: Sep 30, 2025, 6:18 PM
Updated: Sep 30, 2025, 6:18 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 6.2
remediation: 0.0
relevance: 0.6
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.