Meatmeet Pro Mobile Application Hardcoded Wi-Fi Credentials Vulnerability
Vulnerability
A vulnerability exists in the Meatmeet Pro mobile application version 1.1.2.0, where hardcoded Wi-Fi credentials for the vendor's development network are stored within the app. This could allow an attacker to access the vendor's Wi-Fi network if they retrieve these credentials and locate the physical network. Furthermore, if the attacker is in close proximity to the device during its initial setup, they might manipulate the device to connect automatically to a malicious access point by matching the SSID and password to those embedded in the firmware.
Impact
Exploitation of this vulnerability could lead to unauthorized access to the vendor's Wi-Fi network. Additionally, an attacker could intercept and manipulate network traffic from the mobile application, potentially compromising the user's Meatmeet account by capturing authentication tokens or exploiting the application's use of the insecure MD5 hashing algorithm for passwords.
Reproduction
The vulnerability can be reproduced by disassembling the Meatmeet Pro BBQ Thermometer, connecting to it via UART, and dumping the firmware. The extracted NVS partition will reveal the hardcoded Wi-Fi credentials. Once obtained, an attacker can force the device to connect to a rogue access point by using the same SSID and password as those found in the firmware.
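A release-time check a vendor could run on the NVS provisioning data before flashing, so that development Wi-Fi credentials of the kind described above never ship. This is an added example, not code from the advisory or the vendor; it assumes the firmware is built with the ESP-IDF NVS partition generator CSV layout (`key,type,encoding,value`), and the key-name pattern and sample rows are constructed.

```python
import csv
import io
import re

# Key names that commonly hold Wi-Fi provisioning secrets.
# Assumed naming convention; adjust to the project's own NVS keys.
SUSPECT_KEY = re.compile(r"(ssid|pass|psk|pwd|wifi)", re.IGNORECASE)

# Constructed sample in the NVS partition generator CSV layout.
SAMPLE_CSV = """key,type,encoding,value
wifi_cfg,namespace,,
sta_ssid,data,string,EXAMPLE-DEV-NET
sta_pass,data,string,example-password
probe_cal,namespace,,
offset,data,i32,12
sta_ssid_bak,data,string,
"""

def find_provisioned_credentials(csv_text):
    """Return (namespace, key) for every credential-like entry with a value."""
    findings = []
    namespace = None
    for row in csv.DictReader(io.StringIO(csv_text)):
        key = (row.get("key") or "").strip()
        kind = (row.get("type") or "").strip().lower()
        value = (row.get("value") or "").strip()
        if kind == "namespace":
            # Namespace rows set the scope for the entries that follow.
            namespace = key
            continue
        if kind not in ("data", "file"):
            continue
        # An empty value is a placeholder filled in at user setup: acceptable.
        if SUSPECT_KEY.search(key) and value:
            findings.append((namespace, key))
    return findings

if __name__ == "__main__":
    hits = find_provisioned_credentials(SAMPLE_CSV)
    for ns, key in hits:
        print(f"pre-provisioned credential: namespace={ns} key={key}")
    # Non-zero exit fails the release job when credentials are baked in.
    raise SystemExit(1 if hits else 0)
```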
