Vulnerability Database

290,273

Total vulnerabilities in the database

CVE-2021-27941

Unconstrained Web access to the device's private encryption key in the QR code pairing mode in the eWeLink mobile application (through 4.9.2 on Android and through 4.9.1 on iOS) allows a physically proximate attacker to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring the Wi-Fi spectrum during a device pairing process.

  • Published: May 6, 2021
  • Updated: Apr 14, 2023
  • CVE: CVE-2021-27941
  • Severity: Low
  • Exploit:

CVSS v3:

  • Severity: Low
  • Score: 4.6
  • AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

  • Severity: Low
  • Score: 2.1
  • AV:L/AC:L/Au:N/C:P/I:N/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
coolkit / ewelink - 4.9.1.x
coolkit / ewelink - 4.9.2.x