Weak encryption in the Quick Pairing mode in the eWeLink mobile application (Android application V4.9.2 and earlier, iOS application V4.9.1 and earlier) allows physically proximate attackers to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring the Wi-Fi spectrum during the pairing process.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12702
Reference (s):
- https://dl.acm.org/doi/abs/10.1145/3411498.3419965
- https://github.com/salgio/ESPTouchCatcher
- https://play.google.com/store/apps/details?id=com.coolkit&hl=en_US
- https://www.youtube.com/watch?v=DghYH7WY6iE&feature=youtu.be