CVE-2024-7205
- EPSS 0.2%
- Veröffentlicht 31.07.2024 06:15:05
- Zuletzt bearbeitet 31.07.2024 15:15:10
When the device is shared, the homepage module are before 2.19.0 in eWeLink Cloud Service allows Secondary user to take over devices as primary user via sharing unnecessary device-sensitive information.
CVE-2023-6998
- EPSS 0.01%
- Veröffentlicht 30.12.2023 19:15:08
- Zuletzt bearbeitet 21.11.2024 08:45:00
Improper privilege management vulnerability in CoolKit Technology eWeLink on Android and iOS allows application lockscreen bypass.This issue affects eWeLink before 5.2.0.
CVE-2021-27941
- EPSS 0.05%
- Veröffentlicht 06.05.2021 21:15:07
- Zuletzt bearbeitet 21.11.2024 05:58:52
Unconstrained Web access to the device's private encryption key in the QR code pairing mode in the eWeLink mobile application (through 4.9.2 on Android and through 4.9.1 on iOS) allows a physically proximate attacker to eavesdrop on Wi-Fi credentials...
CVE-2020-12702
- EPSS 0.43%
- Veröffentlicht 24.02.2021 14:15:13
- Zuletzt bearbeitet 21.11.2024 05:00:06
Weak encryption in the Quick Pairing mode in the eWeLink mobile application (Android application V4.9.2 and earlier, iOS application V4.9.1 and earlier) allows physically proximate attackers to eavesdrop on Wi-Fi credentials and other sensitive infor...