{"vulnerability": "CVE-2020-28952", "sightings": [{"uuid": "c89274b7-9271-4f34-a869-014255db83fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-28952", "type": "seen", "source": "https://t.me/cibsecurity/24645", "content": "\u203c CVE-2020-28952 \u203c\n\nAn issue was discovered on Athom Homey and Homey Pro devices before 5.0.0. ZigBee hub devices should generate a unique Standard Network Key that is then exchanged with all enrolled devices so that all inter-device communication is encrypted. However, the cited Athom products use another widely known key that is designed for testing purposes: \"01030507090b0d0f00020406080a0c0d\" (the decimal equivalent of 1 3 5 7 9 11 13 15 0 2 4 6 8 10 12 13), which is human generated and static across all issued devices.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-03-09T22:51:51.000000Z"}]}