CVE-2024-48545

HIGH

IVY Smart 4.5.0 - Incorrect Authorization in Firmware Update and Download

Title source: llm

Description

Incorrect access control in the firmware update and download processes of IVY Smart v4.5.0 allows attackers to access sensitive information by analyzing the code and data within the APK file.

References (1)

Core 1

Core References

Various Sources

https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/com.ivyiot.IvySmart/com.ivyiot.IvySmart.md

View Writeup ZIP pw:eip

Scores

CVSS v3 8.4

EPSS 0.0020

EPSS Percentile 9.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-863

Status published

Published Oct 24, 2024

Tracked Since Feb 18, 2026