CVE-2024-7205

EPSS 0.5%
Veröffentlicht 31.07.2024 06:15:05
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle 68870bb1-d075-4169-957d-e580b1
CVE-Watchlists
Login
Unerledigt
Login

sharing unnecessary device-sensitive information allows Secondary user able to take over devices as primary user

When the device is shared, the homepage module are before 2.19.0  in eWeLink Cloud Service allows Secondary user to take over devices as primary user via sharing unnecessary device-sensitive information.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

CNA 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)

Herstellercoolkit

≫

Produkt ewelink

Default Statusunknown

Version 0

Version < 2.19.0

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.5%	0.387

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
68870bb1-d075-4169-957d-e580b18692b9	9.4	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:N/R:U/V:D/RE:L/U:Green

CWE-201 Insertion of Sensitive Information Into Sent Data

The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

https://ewelink.cc/security-advisory-240730/

https://nvd.nist.gov/vuln/detail/CVE-2024-7205

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-7205

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-7205

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-7205