CVE-2025-69822
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-22

Last updated on: 2026-02-02

Assigner: MITRE

Description
An issue in Atomberg Atomberg Erica Smart Fan Firmware Version: V1.0.36 allows an attacker to obtain sensitive information and escalate privileges via a crafted deauth frame
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-22
Last Modified
2026-02-02
Generated
2026-06-16
AI Q&A
2026-01-22
EPSS Evaluated
2026-06-14
NVD
CVE-2025-69822
EUVD
EUVD-2026-4118
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
atomberg erica_smart_fan_firmware 1.0.36
atomberg erica_smart_fan *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-294 A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the Atomberg Erica Smart Fan Firmware Version 1.0.36 allows an attacker to send crafted deauthentication frames, which are fake signals that disconnect the device from its network. The device lacks protection against these forged frames and does not have fallback or reconnection validation processes, making it possible for attackers to disrupt the device's network connectivity and operation. [1]

Impact Analysis

The vulnerability can impact you by allowing attackers to disrupt the availability and reliable operation of the Atomberg Erica Smart Fan. By sending crafted deauth frames, attackers can disconnect the device from its network, causing denial of service or loss of control over the device. [1]

Detection Guidance

This vulnerability can be detected by monitoring for forged deauthentication frames targeting the Atomberg Erica Smart Fan running Firmware Version 1.0.36. Network traffic analysis tools such as Wireshark or tcpdump can be used to capture and analyze deauth frames. Commands like 'tcpdump -i <interface> type mgt subtype deauth' can help identify suspicious deauthentication frames on the network. Additionally, reviewing logs for unexpected disconnections of the device may indicate exploitation attempts. [1]

Mitigation Strategies

Immediate mitigation steps include isolating the affected Atomberg Erica Smart Fan devices from untrusted networks to prevent attackers from sending forged deauthentication frames. Applying any available firmware updates from the vendor that address this issue is recommended once released. In the meantime, monitoring network traffic for suspicious deauth frames and implementing wireless network protections such as management frame protection (802.11w) can help reduce the risk. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-69822. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart