Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Coolkit Subscribe
Filtered by product Ewelink
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-27941 1 Coolkit 1 Ewelink 2022-07-12 2.1 LOW 4.6 MEDIUM
Unconstrained Web access to the device's private encryption key in the QR code pairing mode in the eWeLink mobile application (through 4.9.2 on Android and through 4.9.1 on iOS) allows a physically proximate attacker to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring the Wi-Fi spectrum during a device pairing process.
CVE-2020-12702 1 Coolkit 1 Ewelink 2021-07-21 2.1 LOW 4.6 MEDIUM
Weak encryption in the Quick Pairing mode in the eWeLink mobile application (Android application V4.9.2 and earlier, iOS application V4.9.1 and earlier) allows physically proximate attackers to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring the Wi-Fi spectrum during the pairing process.