Lucene search

68870bb1-d075-4169-957d-e580b18692b9CVE-2024-3130

HistoryApr 01, 2024 - 10:15 a.m.

CVE-2024-3130

2024-04-0110:15:07

CWE-798

68870bb1-d075-4169-957d-e580b18692b9

web.nvd.nist.gov

hard-coded credentials

coolkit ewelink app

decryption algorithm

decompiling

android

ios

sensitive data access

5.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

7 High

AI Score

Confidence

Low

2.3 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

MULTIPLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:H/Au:M/C:P/I:P/A:N

0.0004 Low

EPSS

Percentile

8.7%

JSON

Hard-coded Credentials in CoolKit eWeLlink app are before 5.4.x on Android and IOS allows local attacker to unauthorized access to sensitive data via Decryption algorithm and key obtained after decompiling app

References

ewelink.cc/security-advisories-and-notices/

5.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

7 High

AI Score

Confidence

Low

2.3 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

MULTIPLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:H/Au:M/C:P/I:P/A:N

0.0004 Low

EPSS

Percentile

8.7%

JSON

Related for CVE-2024-3130

cvelist1