Overview
eWeLink has released an update to address a vulnerability in their product. Users of affected versions are advised to update to the latest version.
Affected Products
CVE-2024-7205
- eWeLink Cloud Service homepage module versions: 2.0.0 (inclusive) ~ 2.19.0 (exclusive)
Resolved Vulnerabilities
Vulnerability in the homepage module of the eWeLink cloud service that allows a secondary user to take over as the primary user of a device by sharing unnecessary device-related information (CVE-2024-7205)
Vulnerability Patches
Vulnerability patches have been made available with the latest update on July 30, 2024. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.
CVE-2024-7205
- eWeLink Cloud Service homepage module version: 2.19.0
Referenced Sites
[1] CVE-2024-7205 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-7205
[2] Security Advisory – Sharing unnecessary device-sensitive information allows Secondary user able to take over devices as primary user
https://ewelink.cc/security-advisory-240730/
Article Link: EWeLink Product Security Update Advisory (CVE-2024-7205) – ASEC