← volver
CVE-2024-7205

sharing unnecessary device-sensitive information allows Secondary user able to take over devices as primary user

CVSS 9.4 CRITICALEPSS 0.5%CWE-201
Vexday Risk Score
28Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 9.4EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
31 jul 2024Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
When the device is shared, the homepage module are before 2.19.0  in eWeLink Cloud Service allows Secondary user to take over devices as primary user via sharing unnecessary device-sensitive information.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:N/R:U/V:D/RE:L/U:Green
Productos afectados
CoolKit · eWeLink Cloud Service

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://ewelink.cc/security-advisory-240730/