CVE-2026-3667

CVSS v3.1

5.3

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions Freedom Factory dGEN1 versions up to 20260221

Description A security flaw exists in Freedom Factory dGEN1 up to version 20260221. The issue resides within the FakeAppService function of the org.ethosmobile.ethoslauncher component, leading to improper authorization. The attack requires local access. The exploit is publicly available. The vendor was informed of the issue but did not respond.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Authorization

Incorrect Privilege Assignment

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-285CWE-266

Related Identifiers

CVE-2026-3667

Affected Products

Dgen1

Ethoslauncher

CVE-2026-3667

Weakness Enumeration

Related Identifiers

Affected Products

References · 8