CVE-2024-7205
sharing unnecessary device-sensitive information allows Secondary user able to take over devices as primary user
When the device is shared, the homepage module are before 2.19.0 in eWeLink Cloud Service allows Secondary user to take over devices as primary user via sharing unnecessary device-sensitive information.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:N/R:U/V:D/RE:L/U:Green
Affected products
CoolKit · eWeLink Cloud ServiceWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →