CVE-2024-7205— sharing unnecessary device-sensitive information allows Secondary user able to take over devices as primary user

EPSS 0.20% · P42 Updated Jan 25, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-7205

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

sharing unnecessary device-sensitive information allows Secondary user able to take over devices as primary user

Source: NVD (National Vulnerability Database)

Vulnerability Description

When the device is shared, the homepage module are before 2.19.0 in eWeLink Cloud Service allows Secondary user to take over devices as primary user via sharing unnecessary device-sensitive information.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

通过发送数据的信息暴露

Source: NVD (National Vulnerability Database)

Vulnerability Title

eWeLink 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

eWeLink是eWeLink公司的一款智能家居助手。 eWeLink 2.19.0之前版本存在安全漏洞，该漏洞源于当设备共享时，允许次要用户通过共享不必要的设备敏感信息来接管设备成为主要用户。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
CoolKit	eWeLink Cloud Service	2.0.0 ~ 2.19.0	-

II. Public POCs for CVE-2024-7205

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-7205

请登录查看更多情报信息。

IV. Related Vulnerabilities

Same vendor: CoolKit

CVE-2024-3130
Insecure Data Storage leading to sensitive Information disc

Same weakness: CWE-201

V. Comments for CVE-2024-7205

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-7205— sharing unnecessary device-sensitive information allows Secondary user able to take over devices as primary user

I. Basic Information for CVE-2024-7205

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2024-7205

III. Intelligence Information for CVE-2024-7205

IV. Related Vulnerabilities

V. Comments for CVE-2024-7205

Leave a comment