CVE-2024-7206
Oct. 10, 2024, 12:56 p.m.
Tags
Product(s) Impacted
eWeLink
Description
SSL Pinning Bypass in eWeLink Some hardware products allows local ATTACKER to Decrypt TLS communication and Extract secrets to clone the device via Flash the modified firmware
Weaknesses
CWE-295
Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.
CWE ID: 295Date
Published: Oct. 8, 2024, 7:15 a.m.
Last Modified: Oct. 10, 2024, 12:56 p.m.
Status : Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
68870bb1-d075-4169-957d-e580b18692b9
References
https://ewelink.cc/
68870bb1-d075-4169-957d-e580b18692b9