Security Advisories & Notices

Security Advisory – Firmware extraction and Hardware SSL Pinning Bypass

Release Date: 8/10/2024
Abstract: An attacker can extract the firmware and analyze it to further exploit other vulnerabilities, such as:
• Decrypt TLS communication between the device and the cloud.
• Extract secrets to clone the device.
CVE ID: CVE-2024-7206
Affected Product: Zigbee Bridge Pro
Affected Version: 2.0.0 and before
Impact: Attackers can use this vulnerability …

Security Advisory – Sharing unnecessary device-sensitive information allows Secondary user able to take over devices as primary user

Release Date: 2024/7/30
Abstract: When a device is shared, the homepage module before 2.19.0 in eWeLink Cloud Service allows a secondary user to take over devices as the primary user, because unnecessary device-sensitive information is shared.
CVE ID: CVE-2024-7205
Affected Product: eWeLink Cloud Service homepage module
Affected Version: From 2.0.0 to 2.19.0
Impact: By exploiting this vulnerability, a secondary user …

Security Advisory – Vulnerability Analysis of eWeLink APP Local Log Containing Partial Device Information

Release Date: 2023/12/20
Abstract: In eWeLink APP version 3.x, some device information is logged locally during the device pairing process. When attackers gain file permissions by connecting to the user's phone, this leads to the leakage of some device information.
Affected Product: eWeLink APP
Affected Version: eWeLink APP 3.x
Impact: Attackers can exploit this …

Security Advisory – eWeLink 2.4G remote control light bulbs Remote Code Execution Vulnerability

Release Date: 2023/11/07
Abstract: The connection modules of some Bluetooth 2.4G remote-control devices contain a vulnerability that allows bypassing of authentication. Successfully exploiting this vulnerability may allow attackers to access restricted functionalities.
Affected Product: BLREAD-L
Affected Version: BLREAD-L 1.2.1
Impact: Attackers can exploit this vulnerability to access certain restricted functionalities.
Technical Details: Exploitation Preconditions: …
