CVE-2026-3668

LOW

Freedom Factory dGEN1 <=20260221 - Auth Bypass

Title source: llm

Description

A weakness has been identified in Freedom Factory dGEN1 up to 20260221. This affects the function AndroidEthereum of the component org.ethosmobile.webpwaemul. This manipulation causes improper access controls. Remote exploitation of the attack is possible. The attack is considered to have high complexity. The exploitability is reported as difficult. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

References (4)

[Various Sources] https://gist.github.com/Lytes/5fc292cecdc561f5c010c1f3a8a7bf1d

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.349556

[Permissions Required, VDB Entry] https://vuldb.com/?id.349556

[Permissions Required, VDB Entry] https://vuldb.com/?submit.764702

Scores

CVSS v3 3.1

EPSS 0.0003

EPSS Percentile 8.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

Classification

CWE

CWE-284 CWE-266

Status draft

Timeline

Published Mar 07, 2026

Tracked Since Mar 07, 2026