Vulnerability Details : CVE-2023-6998
Improper privilege management vulnerability in CoolKit Technology eWeLink on Android and iOS allows application lockscreen bypass. This issue affects eWeLink before 5.2.0.
Products affected by CVE-2023-6998
- cpe:2.3:a:coolkit:ewelink:*:*:*:*:*:iphone_os:*:*
- cpe:2.3:a:coolkit:ewelink:*:*:*:*:*:android:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-6998
- EPSS score: 0.07% (probability of exploitation activity in the next 30 days)
- Percentile: ~31% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2023-6998
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.7 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 2.5 | 5.2 | CERT.PL | |
7.7 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 2.5 | 5.2 | NIST | 2024-01-11 |
CWE ids for CVE-2023-6998
- The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. Assigned by: cvd@cert.pl (Secondary)
- The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error. Assigned by: cvd@cert.pl (Secondary)
References for CVE-2023-6998
- https://cert.pl/posts/2023/12/CVE-2023-6998/
  Vulnerability in the eWeLink application by CoolKit Technology (Android & iOS) | CERT Polska (Third Party Advisory)
- https://cert.pl/en/posts/2023/12/CVE-2023-6998/
  Vulnerability in CoolKit Technology eWeLink mobile application (Android & iOS) | CERT Polska (Third Party Advisory)
- https://ewelink.cc/app/
  App - eWeLink (Product)