CRITICAL🇵🇱 Wersja polska

CVE-2025-65823

CVSS 9.8v3.1pub. 2025-12-10upd. 2026-01-21

The Meatmeet Pro was found to be shipped with hardcoded Wi-Fi credentials in the firmware, for the test network it was developed on. If an attacker retrieved this, and found the physical location of the Wi-Fi network, they could gain unauthorized access to the Wi-Fi network of the vendor. Additionally, if an attacker were located in close physical proximity to the device when it was first set up, they may be able to force the device to auto-connect to an attacker-controlled access point by setting the SSID and password to the same as which was found in the firmware file.

🤖 AI Analysis
How it works

Hardcoded login credentials (SSID and password) to the Wi-Fi network used during device manufacturing were discovered in the Meatmeet Pro firmware. An attacker who obtains the firmware file and physically locates the manufacturer's Wi-Fi network can gain unauthorized access to it. Additionally, an attacker in physical proximity to the device at the moment of its initial configuration can set up their own access point with an identical SSID and password — the device will then automatically connect to the attacker's network instead of the manufacturer's network.

Impact

An attacker can gain unauthorized access to the manufacturer's Wi-Fi network or conduct an evil twin attack, forcing the device to connect to an access point controlled by the attacker, which may lead to interception of device communications.

Mitigation & patch

Patches available from the manufacturer should be applied according to references. As an interim risk mitigation measure, it is recommended to isolate the Wi-Fi network to which the device is connected and monitor unauthorized connections. The manufacturer should release updated firmware with hardcoded credentials removed.

Who is affected

Meatmeet Pro Wifi & Bluetooth Meat Thermometer and associated firmware — specific firmware versions indicated in the manufacturer's references

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Meatmeet Pro Wifi \& Bluetooth Meat Thermometer

    HW
    Meatmeet
    wszystkie wersje
  • Meatmeet Pro Wifi \& Bluetooth Meat Thermometer Firmware

    OS
    Meatmeet
    1.0.34.4
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-65821HIGH7.5ten sam produkt

As UART download mode is still enabled on the ESP32 chip on which the firmware runs, an adversary can dump the...

CVE-2025-65824HIGH8.8ten sam produkt

An unauthenticated attacker within proximity of the Meatmeet device can perform an unauthorized Over The Air (...

CVE-2025-65822MEDIUM6.8ten sam produkt

The ESP32 system on a chip (SoC) that powers the Meatmeet Pro was found to have JTAG enabled. By leaving JTAG ...

CVE-2025-65825MEDIUM4.6ten sam produkt

The firmware on the basestation of the Meatmeet is not encrypted. An adversary with physical access to the Mea...

CVE-2025-65828MEDIUM6.5ten sam produkt

An unauthenticated attacker within proximity of the Meatmeet device can issue several commands over Bluetooth ...