CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7205 – sharing unnecessary device-sensitive information allows Secondary user able to take over devices as primary user
https://notcve.org/view.php?id=CVE-2024-7205
31 Jul 2024 — When the device is shared, the homepage module are before 2.19.0 in eWeLink Cloud Service allows Secondary user to take over devices as primary user via sharing unnecessary device-sensitive information. When the device is shared, the homepage module are before 2.19.0 in eWeLink Cloud Service allows Secondary user to take over devices as primary user via sharing unnecessary device-sensitive information. • https://ewelink.cc/security-advisory-240730 • CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3130 – Insecure Data Storage leading to sensitive Information disclosure.
https://notcve.org/view.php?id=CVE-2024-3130
01 Apr 2024 — Hard-coded Credentials in CoolKit eWeLlink app are before 5.4.x on Android and IOS allows local attacker to unauthorized access to sensitive data via Decryption algorithm and key obtained after decompiling app Las credenciales codificadas en la aplicación CoolKit eWeLlink son anteriores a 5.4.x en Android e IOS, lo que permite a un atacante local acceder no autorizado a datos confidenciales a través del algoritmo de descifrado y la clave obtenida después de descompilar la aplicación. Hard-coded Credentials ... • https://ewelink.cc/security-advisories-and-notices • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.7EPSS: 0%CPEs: 2EXPL: 0CVE-2023-6998 – Lockscreen bypass in eWeLink App
https://notcve.org/view.php?id=CVE-2023-6998
30 Dec 2023 — Improper privilege management vulnerability in CoolKit Technology eWeLink on Android and iOS allows application lockscreen bypass.This issue affects eWeLink before 5.2.0. Vulnerabilidad de administración de privilegios inadecuada en CoolKit Technology eWeLink en Android e iOS permite omitir la pantalla de bloqueo de la aplicación. Este problema afecta a eWeLink antes de 5.2.0. • https://cert.pl/en/posts/2023/12/CVE-2023-6998 • CWE-269: Improper Privilege Management CWE-305: Authentication Bypass by Primary Weakness •
CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 0CVE-2021-27941
https://notcve.org/view.php?id=CVE-2021-27941
06 May 2021 — Unconstrained Web access to the device's private encryption key in the QR code pairing mode in the eWeLink mobile application (through 4.9.2 on Android and through 4.9.1 on iOS) allows a physically proximate attacker to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring the Wi-Fi spectrum during a device pairing process. El acceso web sin restricciones a la clave de cifrado privada del dispositivo en el modo de emparejamiento de código QR en la aplicación móvil eWeLink (versiones h... • https://apps.apple.com/us/app/ewelink-smart-home/id1035163158 • CWE-522: Insufficiently Protected Credentials •
CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 2CVE-2020-12702
https://notcve.org/view.php?id=CVE-2020-12702
24 Feb 2021 — Weak encryption in the Quick Pairing mode in the eWeLink mobile application (Android application V4.9.2 and earlier, iOS application V4.9.1 and earlier) allows physically proximate attackers to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring the Wi-Fi spectrum during the pairing process. Un cifrado débil en el modo Quick Pairing en la aplicación móvil eWeLink (aplicación Android versiones V4.9.2 y anteriores, aplicación iOS versiones V4.9.1 y anteriores), permite a atacantes pró... • https://github.com/salgio/ESPTouchCatcher • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •