Sensitive SSH Keys Exposed in homee Brain Cube v2 Firmware: Remote Proxy Exploitation

Sensitive SSH Keys Exposed in homee Brain Cube v2 Firmware: Remote Proxy Exploitation

CVE-2020-24396 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

homee Brain Cube v2 (2.28.2 and 2.28.4) devices have sensitive SSH keys within downloadable and unencrypted firmware images. This allows remote attackers to use the support server as a SOCKS proxy.

Learn more about our Cis Benchmark Audit For Server Software.