CVE-2026-3671

CVSS v3.1

3.3

Low

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Freedom Factory dGEN1 versions up to 20260221

Description A flaw exists in the TokenBalanceContentProvider function within the org.ethereumphone.walletmanager.testing123 component. A manipulation of this function can lead to improper authorization. Local access is required for exploitation. The exploit has been published. The vendor was contacted regarding this disclosure but did not respond.

Recommendations Versions prior to 20260221 should be updated. As a temporary workaround, consider restricting access to the TokenBalanceContentProvider function until a patch is available.

Exploit

Fix

Improper Authorization

Incorrect Privilege Assignment

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-285CWE-266

Related Identifiers

CVE-2026-3671

Affected Products

Dgen1

Org.Ethereumphone.Walletmanager.Testing123

CVE-2026-3671

Weakness Enumeration

Related Identifiers

Affected Products

References · 8