CVE-2024-25731

Name of the Vulnerable Software and Affected Versions Elink Smart eSmartCam application version 2.1.5

Description The issue is related to the use of hardcoded AES encryption keys in the application, which can be extracted from a binary file. This allows an attacker who can observe packet data, for example over Wi-Fi, to defeat the encryption. The vulnerability can be exploited by a remote attacker to gain unauthorized access to protected information and potentially implement a "man-in-the-middle" attack.

Recommendations For version 2.1.5, consider disabling the use of AES encryption until a patch is available that removes the hardcoded keys. Restrict access to sensitive data and avoid using the application over unsecured networks like public Wi-Fi to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.