AI description
Automated description summarized from trusted sources.
CVE-2024-7206 refers to an SSL pinning bypass vulnerability found in eWeLink. Some hardware products are affected, allowing a local attacker to decrypt TLS communication. The vulnerability allows an attacker to extract secrets and clone the device by flashing modified firmware. It was found in eWeLink Zigbee Bridge Pro up to version 2.0.0.
- Description: SSL pinning bypass in some eWeLink hardware products allows a local attacker to decrypt TLS communication and extract secrets to clone the device by flashing modified firmware.
- Source: 68870bb1-d075-4169-957d-e580b18692b9
- NVD status: Awaiting Analysis
CVSS 4.0
- Type: Secondary
- Base score: 7
- Impact score: -
- Exploitability score: -
- Vector string: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity: HIGH
- 68870bb1-d075-4169-957d-e580b18692b9
- CWE-295
- Hype score: Not currently trending