Today > 1 Critical | 3 High | 4 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-7206

Oct. 10, 2024, 12:56 p.m.

Description

SSL Pinning Bypass in eWeLink Some hardware products allows local ATTACKER to Decrypt TLS communication and Extract secrets to clone the device via Flash the modified firmware

Weaknesses

CWE-295
Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

CWE ID: 295

Date

Published: Oct. 8, 2024, 7:15 a.m.

Last Modified: Oct. 10, 2024, 12:56 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

68870bb1-d075-4169-957d-e580b18692b9

References

https://ewelink.cc/ 68870bb1-d075-4169-957d-e580b18692b9