CVE-2024-48547

HIGH

DreamCatcher Life <1.8.7 - Info Disclosure

Title source: llm

Description

Incorrect access control in the firmware update and download processes of DreamCatcher Life v1.8.7 allows attackers to access sensitive information by analyzing the code and data within the APK file.

References (1)

Core 1

Core References

Various Sources

https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/com.dc.dreamcatcherlife/com.dc.dreamcatcherlife.md

View Writeup ZIP pw:eip

Scores

CVSS v3 8.4

EPSS 0.0020

EPSS Percentile 9.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-863

Status published

Published Oct 24, 2024

Tracked Since Feb 18, 2026