[Suggested description]
An issue was discovered in WiZ Colors A60 1.14.0. Wi-Fi credentials are stored in cleartext in flash memory, which presents an information-disclosure risk for a discarded or resold device.

------------------------------------------

[Additional Information]
Wi-Fi credentials are stored in plain-text on the light bulb. These credentials can be obtained by reading the flash memory directly using a logic analyzer. This means the Wi-Fi login credentials of the previous owner can be found in the memory capture when the device is bought second-hand, or retrieved from a trashcan.

------------------------------------------

[VulnerabilityType Other]
Information disclosure

------------------------------------------

[Vendor of Product]
WiZ Connected

------------------------------------------

[Affected Product Code Base]
WiZ Colors A60 - 1.14.0

------------------------------------------

[Affected Component]
WiZ Colors A60

------------------------------------------

[Attack Type]
Physical

------------------------------------------

[Impact Information Disclosure]
true

------------------------------------------

[Attack Vectors]
Physical, access to the chip is required.

------------------------------------------

[Reference]
N/A

------------------------------------------

[Has vendor confirmed or acknowledged the vulnerability?]
true

------------------------------------------

[Discoverer]
Jasper Nota, Willem Westerhof, Wouter Wessels, Jim Blankendaal from Qbit in assignment of the Consumentenbond.

Use CVE-2020-11924.
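
Added example (not part of the original advisory and not vendor code): a lab acceptance check that a manufacturer or tester could run on a flash image taken after provisioning or factory reset, to confirm that known test Wi-Fi credentials are not present in cleartext. The credential values, function names and the sample image layout are constructed for illustration and do not reflect the real WiZ flash layout.

```python
"""Provisioning/factory-reset check: do known test Wi-Fi credentials
appear in cleartext in a flash image? (Added example; names are hypothetical.)"""

ENCODINGS = ("utf-8", "utf-16-le")  # common on-flash string encodings


def find_cleartext(image: bytes, secrets: dict) -> list:
    """Return (label, encoding, offset) for every cleartext occurrence."""
    hits = []
    for label, value in secrets.items():
        for enc in ENCODINGS:
            needle = value.encode(enc)
            pos = image.find(needle)
            while pos != -1:
                hits.append((label, enc, pos))
                pos = image.find(needle, pos + 1)
    return sorted(hits, key=lambda h: h[2])


def build_sample_image(ssid: str, psk: str, size: int = 4096) -> bytes:
    """Constructed stand-in for a flash dump: erased flash (0xFF) with a
    made-up config record at offset 0x400. Not the real WiZ layout."""
    image = bytearray(b"\xff" * size)
    record = b"ssid=" + ssid.encode() + b"\x00psk=" + psk.encode() + b"\x00"
    image[0x400:0x400 + len(record)] = record
    return bytes(image)


# Constructed test credentials used only for lab provisioning.
TEST_SECRETS = {"ssid": "lab-test-net", "psk": "correct-horse-lab-42"}


def audit(image: bytes) -> bool:
    """True if the image is clean (no test credential found in cleartext)."""
    hits = find_cleartext(image, TEST_SECRETS)
    for label, enc, off in hits:
        print(f"FAIL: {label} found as {enc} at offset 0x{off:x}")
    return not hits


if __name__ == "__main__":
    provisioned = build_sample_image(**TEST_SECRETS)
    erased = b"\xff" * 4096
    print("provisioned image clean:", audit(provisioned))
    print("erased image clean:", audit(erased))
```

A clean result only shows that these exact strings are absent in the two encodings checked; it does not prove the credentials are stored encrypted or were erased from every flash region.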