CVE-2024-7205

 

When a device is shared, the homepage module before 2.19.0 in eWeLink Cloud Service allows a secondary user to take over devices as the primary user, because unnecessary device-sensitive information is shared.
https://nvd.nist.gov/vuln/detail/CVE-2024-7205

Categories

CWE-201 : Insertion of Sensitive Information Into Sent Data
Sensitive information could include data that is sensitive in and of itself (such as credentials or private messages), or otherwise useful in the further exploitation of the system (such as internal file system structure).

References

68870bb1-d075-4169-957d-e580b18692b9


 

CPE

cpe start end


REMEDIATION




EXPLOITS


Exploit-db.com

id description date
No known exploits

POC Github

Url
No known exploits

Other Nist (github, ...)

Url
No known exploits


CAPEC


Common Attack Pattern Enumerations and Classifications

id description severity
12 Choosing Message Identifier High
217 Exploiting Incorrectly Configured SSL/TLS
612 WiFi MAC Address Tracking Low
613 WiFi SSID Tracking Low
618 Cellular Broadcast Message Request Low
619 Signal Strength Tracking Low
621 Analysis of Packet Timing and Sizes Low
622 Electromagnetic Side-Channel Attack Low
623 Compromising Emanations Attack Low