CVE-2026-3667

MEDIUM

Freedom Factory dGEN1 <20260221 - Privilege Escalation

Title source: llm

Description

A security flaw has been discovered in Freedom Factory dGEN1 up to 20260221. The impacted element is the function FakeAppService of the component org.ethosmobile.ethoslauncher. The manipulation results in improper authorization. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

References (5)

[Permissions Required, VDB Entry] https://vuldb.com/?id.349555

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.349555

[Permissions Required, VDB Entry] https://vuldb.com/?submit.764699

[Various Sources] https://gist.github.com/Lytes/a94219fa1de3f5173555d5a3e8058f01

[Various Sources] https://gist.github.com/Lytes/571902a31a3d543da009554a82f2d00c

Scores

CVSS v3 5.3

EPSS 0.0001

EPSS Percentile 3.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-266 CWE-285

Status published

Published Mar 07, 2026

Tracked Since Mar 07, 2026