9 vulnerabilities found for ewelink by coolkit
VAR-202105-0825
Vulnerability from variot - Updated: 2025-01-30 22:31
Unconstrained Web access to the device's private encryption key in the QR code pairing mode in the eWeLink mobile application (through 4.9.2 on Android and through 4.9.1 on iOS) allows a physically proximate attacker to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring the Wi-Fi spectrum during a device pairing process. The eWeLink mobile application contains an improper authentication vulnerability. Information may be obtained.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202105-0825",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ewelink",
"scope": "lte",
"trust": 1.0,
"vendor": "coolkit",
"version": "4.9.1"
},
{
"model": "ewelink",
"scope": "lte",
"trust": 1.0,
"vendor": "coolkit",
"version": "4.9.2"
},
{
"model": "ewelink",
"scope": "lte",
"trust": 0.8,
"vendor": "coolkit",
"version": "4.9.2 until (android)"
},
{
"model": "ewelink",
"scope": "lte",
"trust": 0.8,
"vendor": "coolkit",
"version": "4.9.1 until (ios)"
},
{
"model": "ewelink",
"scope": "eq",
"trust": 0.8,
"vendor": "coolkit",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006558"
},
{
"db": "NVD",
"id": "CVE-2021-27941"
}
]
},
"cve": "CVE-2021-27941",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2021-27941",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2021-27941",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Physical",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.6,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-27941",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-27941",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-27941",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-291",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-27941",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-27941"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006558"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-291"
},
{
"db": "NVD",
"id": "CVE-2021-27941"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unconstrained Web access to the device\u0027s private encryption key in the QR code pairing mode in the eWeLink mobile application (through 4.9.2 on Android and through 4.9.1 on iOS) allows a physically proximate attacker to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring the Wi-Fi spectrum during a device pairing process. eWeLink Mobile application Contains an improper authentication vulnerability.Information may be obtained",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-27941"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006558"
},
{
"db": "VULMON",
"id": "CVE-2021-27941"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-27941",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006558",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202105-291",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-27941",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2021-27941"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006558"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-291"
},
{
"db": "NVD",
"id": "CVE-2021-27941"
}
]
},
"id": "VAR-202105-0825",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.35
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"vehicle device"
],
"sub_category": "mobile device",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
}
]
},
"last_update_date": "2025-01-30T22:31:50.164000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "eWeLink-Smart\u00a0Home Google\u00a0Play",
"trust": 0.8,
"url": "https://apps.apple.com/us/app/ewelink-smart-home/id1035163158"
},
{
"title": "eWeLink-QR-Code",
"trust": 0.1,
"url": "https://github.com/salgio/eWeLink-QR-Code "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-27941"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006558"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-522",
"trust": 1.0
},
{
"problemtype": "Bad authentication (CWE-863) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006558"
},
{
"db": "NVD",
"id": "CVE-2021-27941"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://github.com/salgio/ewelink-qr-code"
},
{
"trust": 1.7,
"url": "https://apps.apple.com/us/app/ewelink-smart-home/id1035163158"
},
{
"trust": 1.7,
"url": "https://play.google.com/store/apps/details?id=com.coolkit\u0026hl=en_us"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27941"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/863.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2021-27941"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006558"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-291"
},
{
"db": "NVD",
"id": "CVE-2021-27941"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2021-27941"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006558"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-291"
},
{
"db": "NVD",
"id": "CVE-2021-27941"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-06T00:00:00",
"db": "VULMON",
"id": "CVE-2021-27941"
},
{
"date": "2022-01-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-006558"
},
{
"date": "2021-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-291"
},
{
"date": "2021-05-06T21:15:07.597000",
"db": "NVD",
"id": "CVE-2021-27941"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-14T00:00:00",
"db": "VULMON",
"id": "CVE-2021-27941"
},
{
"date": "2022-01-13T03:29:00",
"db": "JVNDB",
"id": "JVNDB-2021-006558"
},
{
"date": "2022-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-291"
},
{
"date": "2022-07-12T17:42:04.277000",
"db": "NVD",
"id": "CVE-2021-27941"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "eWeLink\u00a0 Mobile application \u00a0 Authentication Vulnerability in Microsoft",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006558"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-291"
}
],
"trust": 0.6
}
}
VAR-202102-0089
Vulnerability from variot - Updated: 2024-11-23 22:37
Weak encryption in the Quick Pairing mode in the eWeLink mobile application (Android application V4.9.2 and earlier, iOS application V4.9.1 and earlier) allows physically proximate attackers to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring the Wi-Fi spectrum during the pairing process. The eWeLink mobile applications contain vulnerabilities in the use of cryptographic algorithms. Information may be obtained.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202102-0089",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ewelink",
"scope": "lte",
"trust": 1.0,
"vendor": "coolkit",
"version": "4.9.2"
},
{
"model": "ewelink",
"scope": "lte",
"trust": 1.0,
"vendor": "coolkit",
"version": "4.9.1"
},
{
"model": "ewelink",
"scope": "lte",
"trust": 0.8,
"vendor": "coolkit",
"version": "4.9.1 and earlier (ios)"
},
{
"model": "ewelink",
"scope": "eq",
"trust": 0.8,
"vendor": "coolkit",
"version": null
},
{
"model": "ewelink",
"scope": "lte",
"trust": 0.8,
"vendor": "coolkit",
"version": "4.9.2 and earlier (android)"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-016233"
},
{
"db": "NVD",
"id": "CVE-2020-12702"
}
]
},
"cve": "CVE-2020-12702",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2020-12702",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2020-12702",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Physical",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.6,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-12702",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-12702",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-12702",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-1578",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-12702",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-12702"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016233"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1578"
},
{
"db": "NVD",
"id": "CVE-2020-12702"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Weak encryption in the Quick Pairing mode in the eWeLink mobile application (Android application V4.9.2 and earlier, iOS application V4.9.1 and earlier) allows physically proximate attackers to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring the Wi-Fi spectrum during the pairing process. eWeLink Mobile applications contain vulnerabilities in the use of cryptographic algorithms.Information may be obtained",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12702"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016233"
},
{
"db": "VULMON",
"id": "CVE-2020-12702"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-12702",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016233",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1578",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-12702",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-12702"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016233"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1578"
},
{
"db": "NVD",
"id": "CVE-2020-12702"
}
]
},
"id": "VAR-202102-0089",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.25
},
"last_update_date": "2024-11-23T22:37:05.531000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "eWeLink\u00a0-\u00a0Smart\u00a0Home",
"trust": 0.8,
"url": "https://play.google.com/store/apps/details?id=com.coolkit\u0026hl=en_US"
},
{
"title": "eWeLink mobile application Fixes for encryption problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=143434"
},
{
"title": "ESPTouchCatcher",
"trust": 0.1,
"url": "https://github.com/salgio/ESPTouchCatcher "
},
{
"title": "PoC",
"trust": 0.1,
"url": "https://github.com/Jonathan-Elias/PoC "
},
{
"title": "PoC-in-GitHub",
"trust": 0.1,
"url": "https://github.com/developer3000S/PoC-in-GitHub "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-12702"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016233"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1578"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-327",
"trust": 1.0
},
{
"problemtype": "Use of incomplete or dangerous cryptographic algorithms (CWE-327) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-016233"
},
{
"db": "NVD",
"id": "CVE-2020-12702"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://github.com/salgio/esptouchcatcher"
},
{
"trust": 1.7,
"url": "https://dl.acm.org/doi/abs/10.1145/3411498.3419965"
},
{
"trust": 1.7,
"url": "https://www.youtube.com/watch?v=dghyh7wy6ie\u0026feature=youtu.be"
},
{
"trust": 1.7,
"url": "https://play.google.com/store/apps/details?id=com.coolkit\u0026hl=en_us"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12702"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/327.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-12702"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016233"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1578"
},
{
"db": "NVD",
"id": "CVE-2020-12702"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2020-12702"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016233"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1578"
},
{
"db": "NVD",
"id": "CVE-2020-12702"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-24T00:00:00",
"db": "VULMON",
"id": "CVE-2020-12702"
},
{
"date": "2021-11-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-016233"
},
{
"date": "2021-02-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-1578"
},
{
"date": "2021-02-24T14:15:13.150000",
"db": "NVD",
"id": "CVE-2020-12702"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-21T00:00:00",
"db": "VULMON",
"id": "CVE-2020-12702"
},
{
"date": "2021-11-16T07:10:00",
"db": "JVNDB",
"id": "JVNDB-2020-016233"
},
{
"date": "2021-03-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-1578"
},
{
"date": "2024-11-21T05:00:06.477000",
"db": "NVD",
"id": "CVE-2020-12702"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "eWeLink\u00a0 Vulnerability in using cryptographic algorithms in mobile applications",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-016233"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-1578"
}
],
"trust": 0.6
}
}
VAR-202312-2498
Vulnerability from variot - Updated: 2024-10-10 23:21
Improper privilege management vulnerability in CoolKit Technology eWeLink on Android and iOS allows application lockscreen bypass. This issue affects eWeLink before 5.2.0. CoolKit Technology's eWeLink for multiple OSes contains an unspecified vulnerability. Information may be obtained and information may be tampered with.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202312-2498",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ewelink",
"scope": "lt",
"trust": 1.1,
"vendor": "coolkit",
"version": "5.2.0"
},
{
"model": "ewelink",
"scope": "eq",
"trust": 0.8,
"vendor": "coolkit",
"version": null
},
{
"model": "ewelink",
"scope": null,
"trust": 0.8,
"vendor": "coolkit",
"version": null
},
{
"model": "ewelink",
"scope": "eq",
"trust": 0.8,
"vendor": "coolkit",
"version": "5.2.0"
}
],
"sources": [
{
"db": "OTHER",
"id": "CVE-2023-6998"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-024821"
},
{
"db": "NVD",
"id": "CVE-2023-6998"
}
]
},
"cve": "CVE-2023-6998",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.5,
"id": "CVE-2023-6998",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.7,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-6998",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-6998",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cvd@cert.pl",
"id": "CVE-2023-6998",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-6998",
"trust": 0.8,
"value": "High"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-024821"
},
{
"db": "NVD",
"id": "CVE-2023-6998"
},
{
"db": "NVD",
"id": "CVE-2023-6998"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper privilege management vulnerability in CoolKit Technology eWeLink on Android and iOS allows application lockscreen bypass.This issue affects eWeLink before 5.2.0. CoolKit Technology multiple of OS for eWeLink Exists in unspecified vulnerabilities.Information may be obtained and information may be tampered with",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-6998"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-024821"
},
{
"db": "VULMON",
"id": "CVE-2023-6998"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-6998",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-024821",
"trust": 0.8
},
{
"db": "OTHER",
"id": "CVE-2023-6998",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2023-6998",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": "CVE-2023-6998"
},
{
"db": "VULMON",
"id": "CVE-2023-6998"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-024821"
},
{
"db": "NVD",
"id": "CVE-2023-6998"
}
]
},
"id": "VAR-202312-2498",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": "CVE-2023-6998"
}
],
"trust": 0.35
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": "application",
"sub_category": "mobile_app",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": "CVE-2023-6998"
}
]
},
"last_update_date": "2024-10-10T23:21:47.893000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-305",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-024821"
},
{
"db": "NVD",
"id": "CVE-2023-6998"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://cert.pl/en/posts/2023/12/cve-2023-6998/"
},
{
"trust": 1.9,
"url": "https://cert.pl/posts/2023/12/cve-2023-6998/"
},
{
"trust": 1.9,
"url": "https://ewelink.cc/app/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-6998"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-6998"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-024821"
},
{
"db": "NVD",
"id": "CVE-2023-6998"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": "CVE-2023-6998"
},
{
"db": "VULMON",
"id": "CVE-2023-6998"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-024821"
},
{
"db": "NVD",
"id": "CVE-2023-6998"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-12-30T00:00:00",
"db": "VULMON",
"id": "CVE-2023-6998"
},
{
"date": "2024-02-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-024821"
},
{
"date": "2023-12-30T19:15:08.303000",
"db": "NVD",
"id": "CVE-2023-6998"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-01-01T00:00:00",
"db": "VULMON",
"id": "CVE-2023-6998"
},
{
"date": "2024-02-01T06:10:00",
"db": "JVNDB",
"id": "JVNDB-2023-024821"
},
{
"date": "2024-10-10T16:15:07.850000",
"db": "NVD",
"id": "CVE-2023-6998"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CoolKit\u00a0Technology\u00a0 multiple of \u00a0OS\u00a0 for \u00a0eWeLink\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-024821"
}
],
"trust": 0.8
}
}
CVE-2023-6998 (GCVE-0-2023-6998)
Vulnerability from nvd – Published: 2023-12-30 18:32 – Updated: 2024-10-10 15:36
- CWE-305 - Authentication Bypass by Primary Weakness

| URL | Tags |
|---|---|

| Vendor | Product | Version |
|---|---|---|
| CoolKit Technology | eWeLink - Smart Home | Affected: 0 , < 5.2.0 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:50:07.670Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://cert.pl/en/posts/2023/12/CVE-2023-6998/"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://cert.pl/posts/2023/12/CVE-2023-6998/"
},
{
"tags": [
"product",
"x_transferred"
],
"url": "https://ewelink.cc/app/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://play.google.com/store/apps/details?id=com.coolkit",
"defaultStatus": "unaffected",
"platforms": [
"Android"
],
"product": "eWeLink - Smart Home",
"vendor": "CoolKit Technology",
"versions": [
{
"lessThan": "5.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://apps.apple.com/us/app/ewelink-smart-home/id1035163158",
"defaultStatus": "unaffected",
"platforms": [
"iOS"
],
"product": "eWeLink-Smart Home",
"vendor": "CoolKit Technology",
"versions": [
{
"lessThan": "5.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jan Adamski (NASK)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper privilege management vulnerability in CoolKit Technology eWeLink on Android and iOS allows application lockscreen bypass.\u003cp\u003eThis issue affects eWeLink before 5.2.0.\u003c/p\u003e"
}
],
"value": "Improper privilege management vulnerability in CoolKit Technology eWeLink on Android and iOS allows application lockscreen bypass. This issue affects eWeLink before 5.2.0."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305 Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T15:36:12.108Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/en/posts/2023/12/CVE-2023-6998/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/posts/2023/12/CVE-2023-6998/"
},
{
"tags": [
"product"
],
"url": "https://ewelink.cc/app/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Lockscreen bypass in eWeLink App",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2023-6998",
"datePublished": "2023-12-30T18:32:07.452Z",
"dateReserved": "2023-12-20T14:04:20.543Z",
"dateUpdated": "2024-10-10T15:36:12.108Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27941 (GCVE-0-2021-27941)
Vulnerability from nvd – Published: 2021-05-06 20:31 – Updated: 2024-08-03 21:33
- n/a

| URL | Tags |
|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:16.407Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://play.google.com/store/apps/details?id=com.coolkit\u0026hl=en_US"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://apps.apple.com/us/app/ewelink-smart-home/id1035163158"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/salgio/eWeLink-QR-Code"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unconstrained Web access to the device\u0027s private encryption key in the QR code pairing mode in the eWeLink mobile application (through 4.9.2 on Android and through 4.9.1 on iOS) allows a physically proximate attacker to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring the Wi-Fi spectrum during a device pairing process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-06T20:31:53",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://play.google.com/store/apps/details?id=com.coolkit\u0026hl=en_US"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://apps.apple.com/us/app/ewelink-smart-home/id1035163158"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/salgio/eWeLink-QR-Code"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27941",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unconstrained Web access to the device\u0027s private encryption key in the QR code pairing mode in the eWeLink mobile application (through 4.9.2 on Android and through 4.9.1 on iOS) allows a physically proximate attacker to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring the Wi-Fi spectrum during a device pairing process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://play.google.com/store/apps/details?id=com.coolkit\u0026hl=en_US",
"refsource": "MISC",
"url": "https://play.google.com/store/apps/details?id=com.coolkit\u0026hl=en_US"
},
{
"name": "https://apps.apple.com/us/app/ewelink-smart-home/id1035163158",
"refsource": "MISC",
"url": "https://apps.apple.com/us/app/ewelink-smart-home/id1035163158"
},
{
"name": "https://github.com/salgio/eWeLink-QR-Code",
"refsource": "MISC",
"url": "https://github.com/salgio/eWeLink-QR-Code"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-27941",
"datePublished": "2021-05-06T20:31:53",
"dateReserved": "2021-03-03T00:00:00",
"dateUpdated": "2024-08-03T21:33:16.407Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12702 (GCVE-0-2020-12702)
Vulnerability from nvd – Published: 2021-02-24 13:58 – Updated: 2024-08-04 12:04
- n/a

| URL | Tags |
|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:04:22.546Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://play.google.com/store/apps/details?id=com.coolkit\u0026hl=en_US"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://dl.acm.org/doi/abs/10.1145/3411498.3419965"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/salgio/ESPTouchCatcher"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.youtube.com/watch?v=DghYH7WY6iE\u0026feature=youtu.be"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Weak encryption in the Quick Pairing mode in the eWeLink mobile application (Android application V4.9.2 and earlier, iOS application V4.9.1 and earlier) allows physically proximate attackers to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring the Wi-Fi spectrum during the pairing process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-24T13:58:28",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://play.google.com/store/apps/details?id=com.coolkit\u0026hl=en_US"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://dl.acm.org/doi/abs/10.1145/3411498.3419965"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/salgio/ESPTouchCatcher"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.youtube.com/watch?v=DghYH7WY6iE\u0026feature=youtu.be"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-12702",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Weak encryption in the Quick Pairing mode in the eWeLink mobile application (Android application V4.9.2 and earlier, iOS application V4.9.1 and earlier) allows physically proximate attackers to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring the Wi-Fi spectrum during the pairing process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://play.google.com/store/apps/details?id=com.coolkit\u0026hl=en_US",
"refsource": "MISC",
"url": "https://play.google.com/store/apps/details?id=com.coolkit\u0026hl=en_US"
},
{
"name": "https://dl.acm.org/doi/abs/10.1145/3411498.3419965",
"refsource": "MISC",
"url": "https://dl.acm.org/doi/abs/10.1145/3411498.3419965"
},
{
"name": "https://github.com/salgio/ESPTouchCatcher",
"refsource": "MISC",
"url": "https://github.com/salgio/ESPTouchCatcher"
},
{
"name": "https://www.youtube.com/watch?v=DghYH7WY6iE\u0026feature=youtu.be",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=DghYH7WY6iE\u0026feature=youtu.be"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12702",
"datePublished": "2021-02-24T13:58:28",
"dateReserved": "2020-05-07T00:00:00",
"dateUpdated": "2024-08-04T12:04:22.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6998 (GCVE-0-2023-6998)
Vulnerability from cvelistv5 – Published: 2023-12-30 18:32 – Updated: 2024-10-10 15:36
- CWE-305 - Authentication Bypass by Primary Weakness

| URL | Tags |
|---|---|

| Vendor | Product | Version |
|---|---|---|
| CoolKit Technology | eWeLink - Smart Home | Affected: 0 , < 5.2.0 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:50:07.670Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://cert.pl/en/posts/2023/12/CVE-2023-6998/"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://cert.pl/posts/2023/12/CVE-2023-6998/"
},
{
"tags": [
"product",
"x_transferred"
],
"url": "https://ewelink.cc/app/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://play.google.com/store/apps/details?id=com.coolkit",
"defaultStatus": "unaffected",
"platforms": [
"Android"
],
"product": "eWeLink - Smart Home",
"vendor": "CoolKit Technology",
"versions": [
{
"lessThan": "5.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://apps.apple.com/us/app/ewelink-smart-home/id1035163158",
"defaultStatus": "unaffected",
"platforms": [
"iOS"
],
"product": "eWeLink-Smart Home",
"vendor": "CoolKit Technology",
"versions": [
{
"lessThan": "5.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jan Adamski (NASK)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper privilege management vulnerability in CoolKit Technology eWeLink on Android and iOS allows application lockscreen bypass.\u003cp\u003eThis issue affects eWeLink before 5.2.0.\u003c/p\u003e"
}
],
"value": "Improper privilege management vulnerability in CoolKit Technology eWeLink on Android and iOS allows application lockscreen bypass. This issue affects eWeLink before 5.2.0."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305 Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T15:36:12.108Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/en/posts/2023/12/CVE-2023-6998/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/posts/2023/12/CVE-2023-6998/"
},
{
"tags": [
"product"
],
"url": "https://ewelink.cc/app/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Lockscreen bypass in eWeLink App",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2023-6998",
"datePublished": "2023-12-30T18:32:07.452Z",
"dateReserved": "2023-12-20T14:04:20.543Z",
"dateUpdated": "2024-10-10T15:36:12.108Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27941 (GCVE-0-2021-27941)
Vulnerability from cvelistv5 – Published: 2021-05-06 20:31 – Updated: 2024-08-03 21:33
- n/a

| URL | Tags |
|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:16.407Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://play.google.com/store/apps/details?id=com.coolkit\u0026hl=en_US"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://apps.apple.com/us/app/ewelink-smart-home/id1035163158"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/salgio/eWeLink-QR-Code"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unconstrained Web access to the device\u0027s private encryption key in the QR code pairing mode in the eWeLink mobile application (through 4.9.2 on Android and through 4.9.1 on iOS) allows a physically proximate attacker to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring the Wi-Fi spectrum during a device pairing process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-06T20:31:53",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://play.google.com/store/apps/details?id=com.coolkit\u0026hl=en_US"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://apps.apple.com/us/app/ewelink-smart-home/id1035163158"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/salgio/eWeLink-QR-Code"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27941",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unconstrained Web access to the device\u0027s private encryption key in the QR code pairing mode in the eWeLink mobile application (through 4.9.2 on Android and through 4.9.1 on iOS) allows a physically proximate attacker to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring the Wi-Fi spectrum during a device pairing process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://play.google.com/store/apps/details?id=com.coolkit\u0026hl=en_US",
"refsource": "MISC",
"url": "https://play.google.com/store/apps/details?id=com.coolkit\u0026hl=en_US"
},
{
"name": "https://apps.apple.com/us/app/ewelink-smart-home/id1035163158",
"refsource": "MISC",
"url": "https://apps.apple.com/us/app/ewelink-smart-home/id1035163158"
},
{
"name": "https://github.com/salgio/eWeLink-QR-Code",
"refsource": "MISC",
"url": "https://github.com/salgio/eWeLink-QR-Code"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-27941",
"datePublished": "2021-05-06T20:31:53",
"dateReserved": "2021-03-03T00:00:00",
"dateUpdated": "2024-08-03T21:33:16.407Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12702 (GCVE-0-2020-12702)
Vulnerability from cvelistv5 – Published: 2021-02-24 13:58 – Updated: 2024-08-04 12:04
- n/a

| URL | Tags |
|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:04:22.546Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://play.google.com/store/apps/details?id=com.coolkit\u0026hl=en_US"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://dl.acm.org/doi/abs/10.1145/3411498.3419965"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/salgio/ESPTouchCatcher"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.youtube.com/watch?v=DghYH7WY6iE\u0026feature=youtu.be"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Weak encryption in the Quick Pairing mode in the eWeLink mobile application (Android application V4.9.2 and earlier, iOS application V4.9.1 and earlier) allows physically proximate attackers to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring the Wi-Fi spectrum during the pairing process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-24T13:58:28",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://play.google.com/store/apps/details?id=com.coolkit\u0026hl=en_US"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://dl.acm.org/doi/abs/10.1145/3411498.3419965"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/salgio/ESPTouchCatcher"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.youtube.com/watch?v=DghYH7WY6iE\u0026feature=youtu.be"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-12702",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Weak encryption in the Quick Pairing mode in the eWeLink mobile application (Android application V4.9.2 and earlier, iOS application V4.9.1 and earlier) allows physically proximate attackers to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring the Wi-Fi spectrum during the pairing process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://play.google.com/store/apps/details?id=com.coolkit\u0026hl=en_US",
"refsource": "MISC",
"url": "https://play.google.com/store/apps/details?id=com.coolkit\u0026hl=en_US"
},
{
"name": "https://dl.acm.org/doi/abs/10.1145/3411498.3419965",
"refsource": "MISC",
"url": "https://dl.acm.org/doi/abs/10.1145/3411498.3419965"
},
{
"name": "https://github.com/salgio/ESPTouchCatcher",
"refsource": "MISC",
"url": "https://github.com/salgio/ESPTouchCatcher"
},
{
"name": "https://www.youtube.com/watch?v=DghYH7WY6iE\u0026feature=youtu.be",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=DghYH7WY6iE\u0026feature=youtu.be"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12702",
"datePublished": "2021-02-24T13:58:28",
"dateReserved": "2020-05-07T00:00:00",
"dateUpdated": "2024-08-04T12:04:22.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}