PT-2026-23885 · Freedom Factory+1 · Dgen1+1
Vuldb
·
Published
2026-03-07
·
Updated
2026-03-08
·
CVE-2026-3675
CVSS v3.1
5.3
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
Freedom Factory dGEN1 versions up to 20260221
Description
A flaw exists in Freedom Factory dGEN1 that allows for improper authorization. The issue is located within the
FakeAppReceiver function of the org.ethosmobile.ethoslauncher component. Exploitation requires local access. The vulnerability has been publicly disclosed, and the vendor was informed but did not respond.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Improper Authorization
Incorrect Privilege Assignment
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Dgen1
Ethoslauncher