Search criteria
2 vulnerabilities found for eWeLink - Smart Home by CoolKit Technology
CVE-2023-6998 (GCVE-0-2023-6998)
Vulnerability from cvelistv5 – Published: 2023-12-30 18:32 – Updated: 2024-10-10 15:36
VLAI?
Summary
Improper privilege management vulnerability in CoolKit Technology eWeLink on Android and iOS allows application lockscreen bypass.This issue affects eWeLink before 5.2.0.
Severity ?
7.7 (High)
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| CoolKit Technology | eWeLink - Smart Home |
Affected:
0 , < 5.2.0
(custom)
|
|||||||
|
|||||||||
Credits
Jan Adamski (NASK)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:50:07.670Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://cert.pl/en/posts/2023/12/CVE-2023-6998/"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://cert.pl/posts/2023/12/CVE-2023-6998/"
},
{
"tags": [
"product",
"x_transferred"
],
"url": "https://ewelink.cc/app/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://play.google.com/store/apps/details?id=com.coolkit",
"defaultStatus": "unaffected",
"platforms": [
"Android"
],
"product": "eWeLink - Smart Home",
"vendor": "CoolKit Technology",
"versions": [
{
"lessThan": "5.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://apps.apple.com/us/app/ewelink-smart-home/id1035163158",
"defaultStatus": "unaffected",
"platforms": [
"iOS"
],
"product": "eWeLink-Smart Home",
"vendor": "CoolKit Technology",
"versions": [
{
"lessThan": "5.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jan Adamski (NASK)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper privilege management vulnerability in CoolKit Technology eWeLink on Android and iOS allows application lockscreen bypass.\u003cp\u003eThis issue affects eWeLink before 5.2.0.\u003c/p\u003e"
}
],
"value": "Improper privilege management vulnerability in CoolKit Technology eWeLink on Android and iOS allows application lockscreen bypass.This issue affects eWeLink before 5.2.0."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305 Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T15:36:12.108Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/en/posts/2023/12/CVE-2023-6998/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/posts/2023/12/CVE-2023-6998/"
},
{
"tags": [
"product"
],
"url": "https://ewelink.cc/app/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Lockscreen bypass in eWeLink App",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2023-6998",
"datePublished": "2023-12-30T18:32:07.452Z",
"dateReserved": "2023-12-20T14:04:20.543Z",
"dateUpdated": "2024-10-10T15:36:12.108Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6998 (GCVE-0-2023-6998)
Vulnerability from nvd – Published: 2023-12-30 18:32 – Updated: 2024-10-10 15:36
VLAI?
Summary
Improper privilege management vulnerability in CoolKit Technology eWeLink on Android and iOS allows application lockscreen bypass.This issue affects eWeLink before 5.2.0.
Severity ?
7.7 (High)
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| CoolKit Technology | eWeLink - Smart Home |
Affected:
0 , < 5.2.0
(custom)
|
|||||||
|
|||||||||
Credits
Jan Adamski (NASK)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:50:07.670Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://cert.pl/en/posts/2023/12/CVE-2023-6998/"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://cert.pl/posts/2023/12/CVE-2023-6998/"
},
{
"tags": [
"product",
"x_transferred"
],
"url": "https://ewelink.cc/app/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://play.google.com/store/apps/details?id=com.coolkit",
"defaultStatus": "unaffected",
"platforms": [
"Android"
],
"product": "eWeLink - Smart Home",
"vendor": "CoolKit Technology",
"versions": [
{
"lessThan": "5.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://apps.apple.com/us/app/ewelink-smart-home/id1035163158",
"defaultStatus": "unaffected",
"platforms": [
"iOS"
],
"product": "eWeLink-Smart Home",
"vendor": "CoolKit Technology",
"versions": [
{
"lessThan": "5.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jan Adamski (NASK)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper privilege management vulnerability in CoolKit Technology eWeLink on Android and iOS allows application lockscreen bypass.\u003cp\u003eThis issue affects eWeLink before 5.2.0.\u003c/p\u003e"
}
],
"value": "Improper privilege management vulnerability in CoolKit Technology eWeLink on Android and iOS allows application lockscreen bypass.This issue affects eWeLink before 5.2.0."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305 Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T15:36:12.108Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/en/posts/2023/12/CVE-2023-6998/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/posts/2023/12/CVE-2023-6998/"
},
{
"tags": [
"product"
],
"url": "https://ewelink.cc/app/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Lockscreen bypass in eWeLink App",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2023-6998",
"datePublished": "2023-12-30T18:32:07.452Z",
"dateReserved": "2023-12-20T14:04:20.543Z",
"dateUpdated": "2024-10-10T15:36:12.108Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}