CVE-2023-6998

HIGH

CoolKit Technology eWeLink <5.2.0 - Privilege Escalation

Title source: llm

Description

Improper privilege management vulnerability in CoolKit Technology eWeLink on Android and iOS allows application lockscreen bypass.This issue affects eWeLink before 5.2.0.

References (3)

[Third Party Advisory] https://cert.pl/en/posts/2023/12/CVE-2023-6998/

[Third Party Advisory] https://cert.pl/posts/2023/12/CVE-2023-6998/

[Product] https://ewelink.cc/app/

Scores

CVSS v3 7.7

EPSS 0.0001

EPSS Percentile 1.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE

CWE-305

Status published

Products (1)

coolkit/ewelink < 5.2.0 (2 CPE variants)

Published Dec 30, 2023

Tracked Since Feb 18, 2026