CVE-2024-7205
sharing unnecessary device-sensitive information allows Secondary user able to take over devices as primary user
When the device is shared, the homepage module are before 2.19.0 in eWeLink Cloud Service allows Secondary user to take over devices as primary user via sharing unnecessary device-sensitive information.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:N/R:U/V:D/RE:L/U:Green
Produtos afetados
CoolKit · eWeLink Cloud ServiceQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://ewelink.cc/security-advisory-240730/