CVE-2024-7206 HIGH

CVE-2024-7206: Firmware extraction and Hardware SSL Pinning Bypass

Vendor Ewelink
Product Zigbee Bridge Pro
Weakness CWE-295
Published October 8, 2024
Last update October 8, 2024

CVSS base score

7.0/10
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

An SSL pinning bypass in some eWeLink hardware products allows a local attacker to decrypt TLS communication and extract secrets to clone the device by flashing modified firmware.

Key dates

02 Disclosure timeline

October 8, 2024 CVE published
October 8, 2024 Record updated