CVE-2023-34761

MEDIUM

7-eleven Hello Cup - Missing Authentication

Title source: rule

Description

An unauthenticated attacker within BLE proximity can remotely connect to a 7-Eleven LED Message Cup, Hello Cup 1.3.1 for Android, and bypass the application's client-side chat censor filter.

References (2)

Core 2

Core References

Exploit

https://github.com/actuator/7-Eleven-Bluetooth-Smart-Cup-Jailbreak

View Exploit ZIP pw:eip

Third Party Advisory

https://github.com/actuator/cve/blob/main/CVE-2023-34761

View Writeup ZIP pw:eip

Scores

CVSS v3 6.5

EPSS 0.0003

EPSS Percentile 9.5%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-306

Status published

Products (1)

7-eleven/hello_cup 1.3.1

Published Jun 28, 2023

Tracked Since Feb 18, 2026