Vulnerability Description
Weak encryption in the Quick Pairing mode in the eWeLink mobile application (Android application V4.9.2 and earlier, iOS application V4.9.1 and earlier) allows physically proximate attackers to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring the Wi-Fi spectrum during the pairing process.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Coolkit | Ewelink | <= 4.9.1 |
Related Weaknesses (CWE)
References
- https://dl.acm.org/doi/abs/10.1145/3411498.3419965 (Third Party Advisory)
- https://github.com/salgio/ESPTouchCatcher (Exploit, Third Party Advisory)
- https://play.google.com/store/apps/details?id=com.coolkit&hl=en_US (Product, Third Party Advisory)
- https://www.youtube.com/watch?v=DghYH7WY6iE&feature=youtu.be (Exploit, Third Party Advisory)
FAQ
What is CVE-2020-12702?
CVE-2020-12702 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Weak encryption in the Quick Pairing mode in the eWeLink mobile application (Android application V4.9.2 and earlier, iOS application V4.9.1 and earlier) allows physically proximate attackers to eavesd...
How severe is CVE-2020-12702?
CVE-2020-12702 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-12702?
Check the references section above for vendor advisories and patch information. Affected products include: Coolkit Ewelink.