CVE-2024-7205

eWeLink Cloud Service <2.19.0 - Privilege Escalation

Title source: llm

Description

When the device is shared, the homepage module are before 2.19.0 in eWeLink Cloud Service allows Secondary user to take over devices as primary user via sharing unnecessary device-sensitive information.

References (1)

[Various Sources] https://ewelink.cc/security-advisory-240730/

Scores

EPSS 0.0020

EPSS Percentile 42.0%

Classification

CWE

CWE-201

Status draft

Timeline

Published Jul 31, 2024

Tracked Since Feb 18, 2026