← back
CVE-2024-7206

Firmware extraction and Hardware SSL Pinning Bypass

CVSS 7 HIGHEPSS 0.2%CWE-295CWE-798
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
08 Oct 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
SSL Pinning Bypass in eWeLink Some hardware products allows local ATTACKER to Decrypt TLS communication and Extract secrets to clone the device via Flash the modified firmware
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
eWeLink · Zigbee Bridge Pro

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://ewelink.cc/security-advisory-firmware-extraction-and-hardware-ssl-pinning-bypass/