Meatmeet Meatmeet_pro_wifi_\&_bluetooth_meat_thermometer
7 CVEs affecting Meatmeet Meatmeet_pro_wifi_\&_bluetooth_meat_thermometer. Latest disclosed: 2025-12-10. Critical: 1, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-65823 | Critical | 9.8 | 2025-12-10 | The Meatmeet Pro was found to be shipped with hardcoded Wi-Fi credentials in the firmware, for the test network it was developed on. If an attacker retrieved t… |
CVE-2025-65824 | High | 8.8 | 2025-12-10 | An unauthenticated attacker within proximity of the Meatmeet device can perform an unauthorized Over The Air (OTA) firmware upgrade using Bluetooth Low Energy… |
CVE-2025-65821 | High | 7.5 | 2025-12-10 | As UART download mode is still enabled on the ESP32 chip on which the firmware runs, an adversary can dump the flash from the device and retrieve sensitive inf… |
CVE-2025-65829 | Medium | 6.8 | 2025-12-10 | The ESP32 system on a chip (SoC) that powers the Meatmeet basestation device was found to lack Secure Boot. The Secure Boot feature ensures that only authentic… |
CVE-2025-65822 | Medium | 6.8 | 2025-12-10 | The ESP32 system on a chip (SoC) that powers the Meatmeet Pro was found to have JTAG enabled. By leaving JTAG enabled on an ESP32 in a commercial product an at… |
CVE-2025-65828 | Medium | 6.5 | 2025-12-10 | An unauthenticated attacker within proximity of the Meatmeet device can issue several commands over Bluetooth Low Energy (BLE) to these devices which would res… |
CVE-2025-65825 | Medium | 4.6 | 2025-12-10 | The firmware on the basestation of the Meatmeet is not encrypted. An adversary with physical access to the Meatmeet device can disassemble the device, connect… |