PT-2024-38166 · Unknown · Ewelink Cloud Service

Published

2024-07-31

Updated

2025-08-31

CVE-2024-7205

Report an issue

CVSS v4.0

9.4

Vector

AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:N/R:U/V:D/RE:L/U:Green

Name of the Vulnerable Software and Affected Versions:

eWeLink Cloud Service versions prior to 2.19.0

eWeLink Cloud Service versions up to 2.18.x

Description:

When a device is shared, the homepage module in eWeLink Cloud Service allows a secondary user to take over devices as a primary user by sharing unnecessary device-sensitive information.

Recommendations:

eWeLink Cloud Service versions prior to 2.19.0: Upgrade to version 2.19.0 or later.

eWeLink Cloud Service versions up to 2.18.x: Upgrade to a version later than 2.18.x.

Fix

Weakness Enumeration

CWE-201

Related Identifiers

CVE-2024-7205

Affected Products

Ewelink Cloud Service

PT-2024-38166 · Unknown · Ewelink Cloud Service

Weakness Enumeration

Related Identifiers

Affected Products

References · 11