Anova sous-vide: its worse

Continued from the earlier post (guess this stream burn my house down)

The user manual is hf-lpb100u_user_manual-v1-1 . You can make it fetch and execute a new firmware from anywhere in the world (over http only of course). without authentication.

You can also cause it to become a WiFi STA (access point) and generally hijack other wifi traffic. Or just ARP poison it to come here. So its a general telemtry point in the house.

To 'increase the security' they removed the / page of the web, but all the sub pages are there (http://172.16.0.128/iweb.html for example).

Sigh. Tin-foil hat don't fail me now, i got some internal firewall changes to make.

Leave a Reply

Your email address will not be published. Required fields are marked *

*