Security Advisory – Sharing unnecessary device-sensitive information allows Secondary user able to take over devices as primary user
Title Release Date 2024/7/30 Abstract When the device is shared, the homepage module are before 2.19.0 in eWeLink Cloud Service allows Secondary user to take over devices as primary user via sharing unnecessary device-sensitive information. cveid:CVE-2024-7205 Affected Product eWeLink Cloud Service homepage module Affected Version From 2.0.0 to 2.19.0 Impact By exploiting this vulnerability an Secondary user …