
34 matches found

RedhatCVE
added 2026/01/09 11:29 a.m. | 4 views

CVE-2021-27941

Unconstrained Web access to the device's private encryption key in the QR code pairing mode in the eWeLink mobile application through 4.9.2 on Android and through 4.9.1 on iOS allows a physically proximate attacker to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring th...

CVSS 4.6 | AI score 6.7 | EPSS 0.00054
Exploits 0 | References 1

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-31731

Malicious code in bioql PyPI...

CVSS 5.7 | AI score 6.6 | EPSS 0.0002
Exploits 0 | References 1

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2024-48173

Malicious code in bioql PyPI...

CVSS 9.4 | AI score 6.6 | EPSS 0.00201
Exploits 0 | References 1

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-48174

Malicious code in bioql PyPI...

CVSS 7 | AI score 6.6 | EPSS 0.00027
Exploits 0 | References 1

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-59190

Malicious code in bioql PyPI...

CVSS 7.7 | AI score 7.6 | EPSS 0.00012
Exploits 0 | References 3

RedhatCVE
added 2025/05/23 10:6 a.m. | 5 views

CVE-2024-3130

Hard-coded credentials in the CoolKit eWeLlink app before 5.4.x on Android and iOS allow a local attacker to gain unauthorized access to sensitive data via the decryption algorithm and key obtained after decompiling the app...

CVSS 5.7 | AI score 6.6 | EPSS 0.0002
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 5:49 p.m. | 5 views

CVE-2020-12702

Weak encryption in the Quick Pairing mode in the eWeLink mobile application Android application V4.9.2 and earlier, iOS application V4.9.1 and earlier allows physically proximate attackers to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring the Wi-Fi spectrum during th...

CVSS 4.6 | AI score 6.2 | EPSS 0.0043
Exploits 1

NVD
added 2024/10/08 7:15 a.m. | 14 views

CVE-2024-7206

SSL pinning bypass in some eWeLink hardware products allows a local attacker to decrypt TLS communication and extract secrets to clone the device by flashing modified firmware...

CVSS 7 | EPSS 0.00027
Exploits 0 | References 1

CVE
added 2024/10/08 6:14 a.m. | 47 views

CVE-2024-7206

CVE-2024-7206 corresponds to a vulnerability in eWeLink hardware where SSL pinning can be bypassed. The connected sources indicate that a local attacker can decrypt TLS communications and extract secrets to clone the device by flashing modified firmware. The CNNVD entry specifies the vulnerabilit...

CVSS 7 | AI score 6.5 | EPSS 0.00027
Exploits 0 | References 1

Vulnrichment
added 2024/10/08 6:14 a.m. | 10 views

CVE-2024-7206 Firmware extraction and Hardware SSL Pinning Bypass

SSL pinning bypass in some eWeLink hardware products allows a local attacker to decrypt TLS communication and extract secrets to clone the device by flashing modified firmware...

CVSS 7 | AI score 7.1 | EPSS 0.00027
Exploits 0 | References 1

CNNVD
added 2024/10/08 12:0 a.m. | 1 view

eWeLink security vulnerability

eWeLink is a smart home assistant from eWeLink, Inc. A security vulnerability exists in eWeLink version 2.0.0 and prior versions that stems from an SSL pinning bypass in certain hardware products, allowing a local attacker to decrypt TLS communications and extract secrets in order to clone the devic...

CVSS 7 | AI score 6.4 | EPSS 0.00027
Exploits 0 | References 2

NVD
added 2024/07/31 6:15 a.m. | 12 views

CVE-2024-7205

When a device is shared, the homepage module before 2.19.0 in eWeLink Cloud Service allows a secondary user to take over devices as the primary user via sharing of unnecessary device-sensitive information...

CVSS 9.4 | EPSS 0.00201
Exploits 0 | References 1

CVE
added 2024/07/31 5:51 a.m. | 55 views

CVE-2024-7205

CVE-2024-7205 affects eWeLink Cloud Service, specifically the homepage module prior to version 2.19.0. When a device is shared, a secondary user can take over control as the primary user because unnecessary device-sensitive information is disclosed. The CVSS data in the initial document indicates high im...

CVSS 9.4 | AI score 6.6 | EPSS 0.00201
Exploits 0 | References 1

Vulnrichment
added 2024/07/31 5:51 a.m. | 12 views

CVE-2024-7205 Sharing unnecessary device-sensitive information allows a secondary user to take over devices as the primary user

When a device is shared, the homepage module before 2.19.0 in eWeLink Cloud Service allows a secondary user to take over devices as the primary user via sharing of unnecessary device-sensitive information...

CVSS 9.4 | AI score 7 | EPSS 0.00201
Exploits 0 | References 1

Positive Technologies
added 2024/07/31 12:0 a.m. | 5 views

PT-2024-38166

Name of the Vulnerable Software and Affected Versions: eWeLink Cloud Service versions prior to 2.19.0 eWeLink Cloud Service versions up to 2.18.x Description: When a device is shared, the homepage module in eWeLink Cloud Service allows a secondary user to take over devices as a primary user by...

CVSS 9.4 | AI score 6.1 | EPSS 0.00201
Exploits 0 | References 13

CNNVD
added 2024/07/31 12:0 a.m. | 2 views

eWeLink security vulnerability

eWeLink is a smart home assistant from eWeLink, Inc. A security vulnerability exists in eWeLink versions prior to 2.19.0, which stems from a vulnerability that allows a secondary user to take over a device to become the primary user by sharing unnecessary sensitive information about the device wh...

CVSS 9.4 | AI score 6.3 | EPSS 0.00201
Exploits 0 | References 2

Vulnrichment
added 2024/04/01 9:13 a.m. | 11 views

CVE-2024-3130 Insecure Data Storage leading to sensitive Information disclosure.

Hard-coded credentials in the CoolKit eWeLlink app before 5.4.x on Android and iOS allow a local attacker to gain unauthorized access to sensitive data via the decryption algorithm and key obtained after decompiling the app...

CVSS 5.7 | AI score 6.6 | EPSS 0.0002
Exploits 0 | References 1

CVE
added 2024/04/01 9:13 a.m. | 49 views

CVE-2024-3130

CVE-2024-3130 affects CoolKit eWeLlink app prior to 5.4.x. The vulnerability is due to hard-coded credentials in the Android/iOS client, enabling a local attacker to access sensitive data via a decryption algorithm and a key obtainable after decompiling the app. Impact is confidential data exposu...

CVSS 5.7 | AI score 5.4 | EPSS 0.0002
Exploits 0 | References 1

Cvelist
added 2024/04/01 9:13 a.m. | 10 views

CVE-2024-3130 Insecure Data Storage leading to sensitive Information disclosure.

Hard-coded credentials in the CoolKit eWeLlink app before 5.4.x on Android and iOS allow a local attacker to gain unauthorized access to sensitive data via the decryption algorithm and key obtained after decompiling the app...

CVSS 5.7 | AI score 5.7 | EPSS 0.0002
Exploits 0 | References 1

CNNVD
added 2024/04/01 12:0 a.m. | 1 view

CoolKit eWeLlink security vulnerability

CoolKit eWeLlink is an application platform from CoolKit, Inc. It is used to connect to a wide range of smart hardware. A security vulnerability exists in CoolKit eWeLlink versions prior to 5.4.x, which stems from the presence of hard-coded credentials in the application, allowing a local attacke...

CVSS 5.7 | AI score 6.5 | EPSS 0.0002
Exploits 0 | References 3