CVE-2024-48541

HIGH

Ruochan Smart <4.4.7 - Info Disclosure

Title source: llm

Description

Incorrect access control in the firmware update and download processes of Ruochan Smart v4.4.7 allows attackers to access sensitive information by analyzing the code and data within the APK file.

References (2)

Core 2

Core References

Various Sources

http://www.ruochanit.com/

Various Sources

https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/com.ruochan.dabai/com.ruochan.dabai.md

View Writeup ZIP pw:eip

Scores

CVSS v3 8.4

EPSS 0.0020

EPSS Percentile 10.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-863

Status published

Published Oct 24, 2024

Tracked Since Feb 18, 2026