CVE-2024-48548

Name of the Vulnerable Software and Affected Versions Cloud Smart Lock version 2.0.1

Description The issue concerns a leaked URL in the APK file that can be used to call an API for binding physical devices. This allows attackers to construct requests to bind the app to unknown devices by finding a valid serial number through a bruteforce attack.

Recommendations For Cloud Smart Lock version 2.0.1, consider restricting access to the API endpoint that handles device binding requests until a patch is available. As a temporary workaround, avoid using the app to bind new devices to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.