CVE-2024-7206

Summary

SSL Pinning Bypass in eWeLink Some hardware products allows local ATTACKER to Decrypt TLS communication and Extract secrets to clone the device via Flash the modified firmware

Affected Software

VendorProductVersion RangeStatus
eWeLinkZigbee Bridge Pro0 <= 2.0.0affected

Weaknesses

  • CWE-295: CWE-295 Improper Certificate Validation
  • CWE-798: CWE-798 Use of Hard-coded Credentials

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References