Meatmeet Pro BBQ Thermometer Flash Encryption Vulnerability Allowing Wi-Fi Credential Extraction

Vulnerability

A vulnerability exists in the Meatmeet Pro BBQ Thermometer firmware, specifically in version 1.0.34.4, due to the absence of flash encryption. This flaw enables an adversary with physical access to the device to disassemble it, connect via UART, and extract the firmware. Because the NVS partition is stored unencrypted, analysis of the extracted firmware can reveal the Wi-Fi credentials it holds, potentially allowing unauthorized access to the user's Wi-Fi network.

Impact

Exploitation of this vulnerability could lead to unauthorized access to the victim's Wi-Fi network by extracting Wi-Fi credentials from the device's firmware.

Reproduction

The vulnerability can be reproduced by disassembling the Meatmeet Pro BBQ Thermometer to access the internal circuit board. Once disassembled, the device can be connected to a computer via a USB-UART adapter. After putting the device into download mode, the firmware can be dumped using the 'esptool' command. The extracted firmware can then be analyzed to retrieve Wi-Fi credentials using a string search command.
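
One way for a vendor or tester to check a build for this weakness, as an added example that is not code from this advisory or from the vendor: provision a test unit with canary Wi-Fi credentials, dump its flash, and run the audit below. It assumes the ESP-IDF partition table layout at the default offset 0x8000; the canary strings, function names and sample image are constructed for illustration.

```python
import struct

PT_OFFSET = 0x8000                    # assumption: ESP-IDF default partition table offset
ENTRY = struct.Struct("<2sBBII16sI")  # magic, type, subtype, offset, size, label, flags
CANARIES = [b"QA-CANARY-SSID", b"QA-CANARY-PASS"]  # hypothetical test credentials

def partitions(image, pt_offset=PT_OFFSET):
    """Parse plaintext partition table entries; [] means none were readable."""
    found = []
    end = min(pt_offset + 0xC00, len(image) - ENTRY.size + 1)
    for pos in range(pt_offset, end, ENTRY.size):
        magic, ptype, sub, off, size, label, _flags = ENTRY.unpack_from(image, pos)
        if magic != b"\xaa\x50":      # end of table, MD5 entry, or ciphertext
            break
        name = label.rstrip(b"\x00").decode("ascii", "replace")
        found.append((name, ptype, sub, off, size))
    return found

def audit_dump(image, canaries=CANARIES):
    """Return findings for a raw flash dump of a canary-provisioned test unit."""
    findings = []
    parts = partitions(image)
    if parts:
        findings.append("partition table readable: flash encryption not active")
    for canary in canaries:
        pos = image.find(canary)
        while pos != -1:
            where = next((n for n, _t, _s, off, size in parts
                          if off <= pos < off + size), "unmapped")
            findings.append(f"{canary!r} in plaintext at 0x{pos:x} ({where})")
            pos = image.find(canary, pos + 1)
    return findings

def sample_image():
    """Constructed 64 KiB dump: one unencrypted NVS partition holding the canaries."""
    img = bytearray(b"\xff" * 0x10000)
    # type 0x01 (data), subtype 0x02 (nvs), at 0x9000, 0x6000 bytes long
    ENTRY.pack_into(img, PT_OFFSET, b"\xaa\x50", 0x01, 0x02, 0x9000, 0x6000, b"nvs", 0)
    for at, canary in zip((0x9040, 0x9060), CANARIES):
        img[at:at + len(canary)] = canary
    return bytes(img)

if __name__ == "__main__":
    for finding in audit_dump(sample_image()):
        print(finding)
```

An empty result is the pass condition for a release build: with flash encryption and NVS encryption enabled, neither the partition table nor the canaries should be readable in the dump.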

Added: Dec 10, 2025, 9:24 PM
Updated: Dec 10, 2025, 9:24 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 4.6
remediation: 0.0
relevance: 1.4
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.