EWeLink Product Security Update Advisory (CVE-2024-7205)

Overview

 

eWeLink has released an update to address a vulnerability in their product. Users of affected versions are advised to update to the latest version.

 

Affected Products

 

CVE-2024-7205

  • eWeLink Cloud Service homepage module versions: 2.0.0 (inclusive) ~ 2.19.0 (exclusive)

 

 

Resolved Vulnerabilities

 

Vulnerability in the homepage module of the eWeLink cloud service that allows a secondary user to take over as the primary user of a device by sharing unnecessary device-related information (CVE-2024-7205)

 

 

Vulnerability Patches

 

Vulnerability patches have been made available with the latest update on July 30, 2024. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

 

CVE-2024-7205

  • eWeLink Cloud Service homepage module version: 2.19.0

 

 

Referenced Sites

[1] CVE-2024-7205 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-7205

[2] Security Advisory – Sharing unnecessary device-sensitive information allows Secondary user able to take over devices as primary user

https://ewelink.cc/security-advisory-240730/

Article Link: EWeLink Product Security Update Advisory (CVE-2024-7205) – ASEC