Howard

Security Advisory – Firmware extraction and Hardware SSL Pinning Bypass

Security Advisories & Notices​ / By

Title Release Date 8/10/2024 Abstract An attacker can extract the firmware and can analyze the firmware to further exploit other vulnerabilities such as • Decrypt TLS communication of device and cloud. • Extract secrets to clone the device. cveid:CVE-2024-7206 Affected Product Zigbee Bridge Pro Affected Version 2.0.0 and before Impact Attackers can use this vulnerability …

Security Advisory – Firmware extraction and Hardware SSL Pinning Bypass Read More »

Security Advisory – Sharing unnecessary device-sensitive information allows Secondary user able to take over devices as primary user

Security Advisories & Notices​ / By

Title Release Date 2024/7/30 Abstract When the device is shared, the homepage module are before 2.19.0  in eWeLink Cloud Service allows Secondary user to take over devices as primary user via sharing unnecessary device-sensitive information. cveid:CVE-2024-7205 Affected Product eWeLink Cloud Service homepage module Affected Version From 2.0.0 to 2.19.0 Impact By exploiting this vulnerability an Secondary user …

Security Advisory – Sharing unnecessary device-sensitive information allows Secondary user able to take over devices as primary user Read More »

Security Advisory – Vulnerability Analysis of eWeLink APP Local Log Containing Partial Device Information

Security Advisories & Notices​ / By

Title Release Date 2023/12/20 Abstract In eWeLink APP version 3.x, during the device pairing process, some device‘s information is logged locally. When attackers gain file permissions by connecting to the user’s phone, it leads to the leakage of some device information. Affected Product eWeLink APP Affected Version eWeLink APP 3.x Impact Attackers can exploit this …

Security Advisory – Vulnerability Analysis of eWeLink APP Local Log Containing Partial Device Information Read More »

Security Advisory – eWeLink 2.4G remote control light bulbs Remote Code Execution Vulnerability

Security Advisories & Notices​ / By

Title Release Date 2023/11/07 Abstract The connection modules of some Bluetooth 2.4G remote-control devices contain a vulnerability that allows bypassing of authentication. Successfully exploiting this vulnerability may allow attackers to access restricted functionalities. Affected Product BLREAD-L Affected Version BLREAD-L 1.2.1 Impact Attackers can exploit this vulnerability to access certain restricted functionalities. Technical Details Exploitation Preconditions: …

Security Advisory – eWeLink 2.4G remote control light bulbs Remote Code Execution Vulnerability Read More »

UPDATED eWeLink add-on V1.3.1 for Home Assistant

Blog, Guide and Tutorials / By

Table of Contents eWeLink add-on V1.3.1 for Home Assistant and sync ZigBee end-sensors bridged by NSPanle Pro to Home Assistant supported. Control your eWeLink supported devices via Home Assistant, LAN and Cloud. Please note this add-on is NOT a regularly updated service like the eWeLink APP and others, basically based on the user’s feedback and …

UPDATED eWeLink add-on V1.3.1 for Home Assistant Read More »

eWeLink is featured on WWDC 2022 as a partner of Matter

Blog, Press Room / By

Apple WWDC 2022 kicked off on June 6, 2022, as expected Apple reveals plenty of NEWS at this event, including new hardware products, and launch updates to all of its platforms, iOS, iPadOS, macOS, and watchOS. The most eye-catching part of WWDC 2022 revolves around Matter, with eWeLink’s debut as a partner of Matter.

Get in Touch

Facebook Youtube Twitter Github
Copyright © 2024 eWeLink. All rights reserved.

This website use cookies to ensure you get the best experience on our website.

ACCEPT & CLOSE
DECLINE