3 matches found
CVE-2020-12702
CVE-2020-12702 concerns weak encryption in the Quick Pairing mode of the eWeLink mobile app (Android v4.9.2 and earlier; iOS v4.9.1 and earlier). The root cause is insufficient protection during the pairing process, enabling physically proximate attackers to eavesdrop on Wi‑Fi credentials and oth...
CVE-2023-6998
CVE-2023-6998 describes an improper privilege management vulnerability in CoolKit Technology’s eWeLink app for Android and iOS, where versions prior to 5.2.0 allow a lockscreen bypass. The issue is characterized as a local vulnerability with no user interaction required, potentially affecting con...
CVE-2021-27941
The CVE-2021-27941 entry pertains to the eWeLink mobile application (QR code pairing mode) where unconstrained web access to the device’s private encryption key could let a physically proximate attacker monitor a device pairing process and eavesdrop on Wi‑Fi credentials and other sensitive inform...