CVE-2025-69822
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-69822, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-01-22

Last updated on: 2026-02-02

Assigner: MITRE

Description

An issue in Atomberg Atomberg Erica Smart Fan Firmware Version: V1.0.36 allows an attacker to obtain sensitive information and escalate privileges via a crafted deauth frame

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-01-22
Last Modified
2026-02-02
Generated
2026-07-06
AI Q&A
2026-01-22
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
atomberg erica_smart_fan_firmware 1.0.36
atomberg erica_smart_fan *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-294 A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability in the Atomberg Erica Smart Fan Firmware Version 1.0.36 allows an attacker to send crafted deauthentication frames, which are fake signals that disconnect the device from its network. The device lacks protection against these forged frames and does not have fallback or reconnection validation processes, making it possible for attackers to disrupt the device's network connectivity and operation. [1]

Impact Analysis

The vulnerability can impact you by allowing attackers to disrupt the availability and reliable operation of the Atomberg Erica Smart Fan. By sending crafted deauth frames, attackers can disconnect the device from its network, causing denial of service or loss of control over the device. [1]

Detection Guidance

This vulnerability can be detected by monitoring for forged deauthentication frames targeting the Atomberg Erica Smart Fan running Firmware Version 1.0.36. Network traffic analysis tools such as Wireshark or tcpdump can be used to capture and analyze deauth frames. Commands like 'tcpdump -i <interface> type mgt subtype deauth' can help identify suspicious deauthentication frames on the network. Additionally, reviewing logs for unexpected disconnections of the device may indicate exploitation attempts. [1]

Mitigation Strategies

Immediate mitigation steps include isolating the affected Atomberg Erica Smart Fan devices from untrusted networks to prevent attackers from sending forged deauthentication frames. Applying any available firmware updates from the vendor that address this issue is recommended once released. In the meantime, monitoring network traffic for suspicious deauth frames and implementing wireless network protections such as management frame protection (802.11w) can help reduce the risk. [1]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-69822. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart