CVE-2025-69822
BaseFortify
Publication date: 2026-01-22
Last updated on: 2026-02-02
Assigner: MITRE
Description
CVSS Scores
EPSS Scores
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| atomberg | erica_smart_fan_firmware | 1.0.36 |
| atomberg | erica_smart_fan | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
| CWE-294 | A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes). |
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Atomberg Erica Smart Fan firmware version 1.0.36 allows an attacker within radio range to send crafted deauthentication frames, which are forged IEEE 802.11 management frames that instruct a station to drop its association with the access point. The device does not protect against these forged frames and has no fallback or reconnection validation, so an attacker can repeatedly knock the fan off its network and disrupt its connectivity and operation. [1]
How can this vulnerability impact me?
The vulnerability allows an attacker to disrupt the availability and reliable operation of the Atomberg Erica Smart Fan. By sending crafted deauth frames, the attacker can repeatedly disconnect the device from its network, causing a denial of service and loss of remote control over the fan for as long as the attack continues. Because deauthentication is a link-layer attack, the attacker must be within radio range of the device or its access point. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Exploitation can be detected by monitoring the wireless medium for forged deauthentication frames directed at the Atomberg Erica Smart Fan running firmware version 1.0.36. Note that 802.11 management frames are only visible to a wireless interface in monitor mode; a capture on a normal managed interface, or on the wired side of the access point, will not show them. With a monitor-mode interface (for example one created with `iw dev wlan0 interface add mon0 type monitor`), Wireshark or tcpdump can capture and filter them: `tcpdump -i <monitor-interface> 'type mgt subtype deauth'` prints every deauthentication frame, and the Wireshark display filter `wlan.fc.type_subtype == 0x0c` does the same. A burst of deauth frames addressed to the fan's MAC address (or to the broadcast address) that appear to come from the access point's BSSID is the signature of a deauth attack. Reviewing access point or controller logs for unexpected disconnections of the device can also indicate exploitation attempts. [1]
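The detection logic described above, written out as an added example (not code from BaseFortify or the vendor): a minimal 802.11 frame parser plus a sliding-window detector that raises an alert when several deauthentication frames addressed to the fan, or to the broadcast address, arrive within a short interval. The fan MAC, the access point BSSID, the timestamps and every frame in the sample capture are constructed for the demonstration; in practice the raw frames would come from a monitor-mode capture with the radiotap header stripped.

```python
"""Detect deauthentication floods against one client from raw 802.11 frames.

Added example for CVE-2025-69822; not BaseFortify or Atomberg code.
All MAC addresses, timestamps and frames below are constructed.
"""
import struct
from collections import deque

BROADCAST = "ff:ff:ff:ff:ff:ff"
TYPE_MGMT = 0          # 802.11 frame type 00 = management
TYPE_DATA = 2          # 802.11 frame type 10 = data
SUBTYPE_BEACON = 8     # management subtype 1000
SUBTYPE_DEAUTH = 12    # management subtype 1100

FAN_MAC = "aa:bb:cc:dd:ee:01"   # hypothetical fan MAC (assumption)
AP_BSSID = "10:20:30:40:50:60"  # hypothetical home AP BSSID (assumption)


def mac_to_bytes(mac):
    return bytes(int(octet, 16) for octet in mac.split(":"))


def bytes_to_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(subtype, frame_type, da, sa, bssid, body=b"", seq=0):
    """Build a minimal 802.11 frame: no radiotap header, no FCS.

    Frame Control byte 0 packs protocol version (bits 0-1, always 0),
    type (bits 2-3) and subtype (bits 4-7); byte 1 holds the flags.
    """
    fc = bytes([(subtype << 4) | (frame_type << 2), 0x00])
    duration = b"\x00\x00"
    seq_ctl = struct.pack("<H", seq << 4)  # fragment number 0
    return (fc + duration + mac_to_bytes(da) + mac_to_bytes(sa)
            + mac_to_bytes(bssid) + seq_ctl + body)


def build_deauth(da, sa, bssid, reason, seq=0):
    """Deauthentication frame: 24-byte header followed by a 2-byte reason code."""
    return build_frame(SUBTYPE_DEAUTH, TYPE_MGMT, da, sa, bssid,
                       struct.pack("<H", reason), seq)


def parse_frame(raw):
    """Return the fields the detector needs, or None for a truncated frame."""
    if len(raw) < 24:
        return None
    fc0 = raw[0]
    frame = {
        "type": (fc0 >> 2) & 0x3,
        "subtype": (fc0 >> 4) & 0xF,
        "addr1": bytes_to_mac(raw[4:10]),    # receiver / destination
        "addr2": bytes_to_mac(raw[10:16]),   # transmitter / source
        "addr3": bytes_to_mac(raw[16:22]),   # BSSID for management frames
        "reason": None,
    }
    if (frame["type"] == TYPE_MGMT and frame["subtype"] == SUBTYPE_DEAUTH
            and len(raw) >= 26):
        frame["reason"] = struct.unpack("<H", raw[24:26])[0]
    return frame


def detect_deauth_flood(capture, target_mac, window_s=1.0, threshold=5):
    """capture: iterable of (timestamp_seconds, raw_frame), in time order.

    Alerts when `threshold` deauth frames addressed to target_mac (or to
    broadcast) arrive within `window_s`; the window is reset after each
    alert so one flood produces one alert per `threshold` frames.
    """
    recent = deque()
    alerts = []
    for ts, raw in capture:
        f = parse_frame(raw)
        if not f or f["type"] != TYPE_MGMT or f["subtype"] != SUBTYPE_DEAUTH:
            continue
        if f["addr1"] not in (target_mac, BROADCAST):
            continue
        recent.append((ts, f))
        while recent and ts - recent[0][0] > window_s:
            recent.popleft()
        if len(recent) >= threshold:
            alerts.append({
                "first_ts": recent[0][0],
                "last_ts": ts,
                "count": len(recent),
                "sources": sorted({x["addr2"] for _, x in recent}),
                "reasons": sorted({x["reason"] for _, x in recent
                                   if x["reason"] is not None}),
            })
            recent.clear()
    return alerts


def sample_capture():
    """Constructed capture: normal traffic, one legitimate deauth, then a flood."""
    frames = [
        (0.00, build_frame(SUBTYPE_BEACON, TYPE_MGMT, BROADCAST, AP_BSSID, AP_BSSID)),
        (0.10, build_frame(0, TYPE_DATA, AP_BSSID, FAN_MAC, AP_BSSID)),
        # fan leaving on its own: reason 3 (deauthenticated because STA is leaving)
        (5.00, build_deauth(AP_BSSID, FAN_MAC, AP_BSSID, 3)),
    ]
    # attack: 8 deauths spoofed "from the AP" to the fan within 0.4 s, reason 7
    # (class 3 frame from non-associated STA, the default of common deauth tools)
    for i in range(8):
        frames.append((20.0 + i * 0.05,
                       build_deauth(FAN_MAC, AP_BSSID, AP_BSSID, 7, seq=100 + i)))
    frames.append((20.45, build_deauth(BROADCAST, AP_BSSID, AP_BSSID, 7, seq=108)))
    return frames


if __name__ == "__main__":
    for a in detect_deauth_flood(sample_capture(), FAN_MAC):
        print(f"deauth flood against {FAN_MAC}: {a['count']} frames in "
              f"{a['last_ts'] - a['first_ts']:.2f}s from {a['sources']} "
              f"reason codes {a['reasons']}")
```

The single deauth at t=5 s is ignored because it is sent by the fan, not to it; the flood at t=20 s trips the threshold after the fifth frame. To run this against live traffic, feed it the 802.11 payloads of a monitor-mode pcap (after the radiotap header) in place of `sample_capture()`; the threshold and window should be tuned to the environment, since a legitimate roam or AP restart can also produce a handful of deauths.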
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include keeping the affected Atomberg Erica Smart Fan devices on an isolated network segment away from untrusted networks; note, however, that deauthentication is a radio-level attack, so segmentation does not stop the frames themselves, it only limits what an attacker can reach through the device once it reconnects. Apply any firmware update from the vendor that addresses this issue as soon as one is released. In the meantime, monitor the wireless medium for suspicious deauth frames and enable management frame protection (802.11w/PMF) on the access point, for example `ieee80211w=2` in hostapd. PMF only protects a client that also negotiates it, and the "required" setting will stop non-PMF clients from associating at all, so verify that the fan still connects after the change. [1]