Giovanni Salzillo

3 exploits Active since Feb 2021
CVE-2020-12702 NOMISEC MEDIUM WORKING POC
eWeLink < 4.9.1 (iOS) and < 4.9.2 (Android) - Weak Encryption in Quick Pairing Mode
Weak encryption in the Quick Pairing mode in the eWeLink mobile application (Android application V4.9.2 and earlier, iOS application V4.9.1 and earlier) allows physically proximate attackers to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring the Wi-Fi spectrum during the pairing process.
5 stars
CVSS 4.6
CVE-2020-12702 NOMISEC MEDIUM WRITEUP
eWeLink < 4.9.1 (iOS) and < 4.9.2 (Android) - Weak Encryption in Quick Pairing Mode
Weak encryption in the Quick Pairing mode in the eWeLink mobile application (Android application V4.9.2 and earlier, iOS application V4.9.1 and earlier) allows physically proximate attackers to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring the Wi-Fi spectrum during the pairing process.
1 stars
CVSS 4.6
CVE-2021-27941 WRITEUP MEDIUM WRITEUP
eWeLink <4.9.2-4.9.1 - Info Disclosure
Unconstrained Web access to the device's private encryption key in the QR code pairing mode in the eWeLink mobile application (through 4.9.2 on Android and through 4.9.1 on iOS) allows a physically proximate attacker to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring the Wi-Fi spectrum during a device pairing process.
CVSS 4.6