An attacker could exploit the 'Use of Password Hash With Insufficient Computational Effort' vulnerability in EveHome Eve Play to execute arbitrary code. This issue affects Eve Play: through 1.1.42.
The EveHome Eve Play device stores or processes passwords using a hash function with insufficient computational cost (CWE-916), which significantly facilitates their reversal through brute force or dictionary methods. Credentials obtained this way can be used by an attacker to take control of the device and execute arbitrary code (RCE). The vulnerability is accessible remotely over the network and does not require any privileges or user interaction.
An attacker can gain full control over the EveHome Eve Play device by executing arbitrary code remotely, which threatens the confidentiality, integrity, and availability of the system.
Apply patches available from the manufacturer according to references (https://www.evehome.com/en-us/security-content). It is recommended to immediately update the device firmware to a version higher than 1.1.42 as soon as it is made available by the manufacturer.
EveHome Eve Play in all versions up to and including 1.1.42.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H