CVE-2024-3130

Published Apr 1, 2024

Last updated 3 months ago

CVSS medium 5.7

Overview

Description
Hard-coded Credentials in CoolKit eWeLlink app are before 5.4.x on Android and IOS allows local attacker to unauthorized access to sensitive data via Decryption algorithm and key obtained after decompiling app
Source
68870bb1-d075-4169-957d-e580b18692b9
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
5.7
Impact score
5.2
Exploitability score
0.5
Vector string
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
Severity
MEDIUM

Weaknesses

68870bb1-d075-4169-957d-e580b18692b9
CWE-798

Social media

Hype score
Not currently trending

References