CVE-2020-12702

Name of the Vulnerable Software and Affected Versions eWeLink mobile application versions 4.9.2 and earlier (Android) eWeLink mobile application versions 4.9.1 and earlier (iOS)

Description Weak encryption in the Quick Pairing mode allows physically proximate attackers to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring the Wi-Fi spectrum during the pairing process.

Recommendations For Android application versions 4.9.2 and earlier, update to a version later than 4.9.2 to resolve the issue. For iOS application versions 4.9.1 and earlier, update to a version later than 4.9.1 to resolve the issue. As a temporary workaround, consider disabling the Quick Pairing mode until a patch is available.