{
    "dataType": "CVE_RECORD",
    "dataVersion": "5.1",
    "cveMetadata": {
        "cveId": "CVE-2024-3130",
        "assignerOrgId": "68870bb1-d075-4169-957d-e580b18692b9",
        "state": "PUBLISHED",
        "assignerShortName": "CoolKit",
        "dateReserved": "2024-04-01T09:11:45.225Z",
        "datePublished": "2024-04-01T09:13:53.082Z",
        "dateUpdated": "2024-08-01T19:32:42.974Z"
    },
    "containers": {
        "cna": {
            "affected": [
                {
                    "defaultStatus": "unaffected",
                    "platforms": [
                        "Android",
                        "iOS"
                    ],
                    "product": "eWeLink APP",
                    "vendor": "CoolKIt",
                    "versions": [
                        {
                            "lessThan": "5.4.x",
                            "status": "affected",
                            "version": "0",
                            "versionType": "custom"
                        }
                    ]
                }
            ],
            "credits": [
                {
                    "lang": "en",
                    "type": "finder",
                    "user": "00000000-0000-4000-9000-000000000000",
                    "value": "Aarav Sinha, Senior Security Researcher, FEV India Pvt Ltd."
                },
                {
                    "lang": "en",
                    "type": "finder",
                    "user": "00000000-0000-4000-9000-000000000000",
                    "value": "Vaishali Nagori, Senior Security Researcher, FEV India Pvt Ltd."
                }
            ],
            "descriptions": [
                {
                    "lang": "en",
                    "supportingMedia": [
                        {
                            "base64": false,
                            "type": "text/html",
                            "value": "<span style=\"background-color: rgb(255, 255, 255);\">Hard-coded Credentials</span>&nbsp;in CoolKit eWeLlink app are before 5.4.x on Android and IOS allows local attacker to&nbsp;unauthorized access to sensitive data via Decryption algorithm and key obtained after decompiling app<br><br>"
                        }
                    ],
                    "value": "Hard-coded Credentials in CoolKit eWeLlink app are before 5.4.x on Android and IOS allows local attacker to unauthorized access to sensitive data via Decryption algorithm and key obtained after decompiling app\n\n"
                }
            ],
            "metrics": [
                {
                    "cvssV3_1": {
                        "attackComplexity": "HIGH",
                        "attackVector": "LOCAL",
                        "availabilityImpact": "NONE",
                        "baseScore": 5.7,
                        "baseSeverity": "MEDIUM",
                        "confidentialityImpact": "HIGH",
                        "integrityImpact": "HIGH",
                        "privilegesRequired": "HIGH",
                        "scope": "UNCHANGED",
                        "userInteraction": "NONE",
                        "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
                        "version": "3.1"
                    },
                    "format": "CVSS",
                    "scenarios": [
                        {
                            "lang": "en",
                            "value": "GENERAL"
                        }
                    ]
                }
            ],
            "problemTypes": [
                {
                    "descriptions": [
                        {
                            "cweId": "CWE-798",
                            "description": "CWE-798 Use of Hard-coded Credentials",
                            "lang": "en",
                            "type": "CWE"
                        }
                    ]
                }
            ],
            "providerMetadata": {
                "orgId": "68870bb1-d075-4169-957d-e580b18692b9",
                "shortName": "CoolKit",
                "dateUpdated": "2024-04-01T09:15:47.799Z"
            },
            "references": [
                {
                    "url": "https://ewelink.cc/security-advisories-and-notices/"
                }
            ],
            "solutions": [
                {
                    "lang": "en",
                    "supportingMedia": [
                        {
                            "base64": false,
                            "type": "text/html",
                            "value": "<span style=\"background-color: rgb(255, 255, 255);\">Update to the latest version of the app.</span><br>"
                        }
                    ],
                    "value": "Update to the latest version of the app.\n"
                }
            ],
            "source": {
                "discovery": "EXTERNAL"
            },
            "title": " Insecure Data Storage leading to sensitive Information disclosure.",
            "x_generator": {
                "engine": "Vulnogram 0.1.0-dev"
            }
        },
        "adp": [
            {
                "affected": [
                    {
                        "vendor": "coolkit",
                        "product": "ewelink_app",
                        "cpes": [
                            "cpe:2.3:a:coolkit:ewelink_app:*:*:*:*:*:*:*:*"
                        ],
                        "defaultStatus": "affected",
                        "versions": [
                            {
                                "version": "0",
                                "status": "affected",
                                "lessThan": "5.4x",
                                "versionType": "custom"
                            }
                        ]
                    }
                ],
                "metrics": [
                    {
                        "other": {
                            "type": "ssvc",
                            "content": {
                                "timestamp": "2024-04-02T14:26:29.391805Z",
                                "id": "CVE-2024-3130",
                                "options": [
                                    {
                                        "Exploitation": "none"
                                    },
                                    {
                                        "Automatable": "no"
                                    },
                                    {
                                        "Technical Impact": "total"
                                    }
                                ],
                                "role": "CISA Coordinator",
                                "version": "2.0.3"
                            }
                        }
                    }
                ],
                "title": "CISA ADP Vulnrichment",
                "providerMetadata": {
                    "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                    "shortName": "CISA-ADP",
                    "dateUpdated": "2024-07-16T15:34:39.726Z"
                }
            },
            {
                "providerMetadata": {
                    "orgId": "af854a3a-2127-422b-91ae-364da2661108",
                    "shortName": "CVE",
                    "dateUpdated": "2024-08-01T19:32:42.974Z"
                },
                "title": "CVE Program Container",
                "references": [
                    {
                        "url": "https://ewelink.cc/security-advisories-and-notices/",
                        "tags": [
                            "x_transferred"
                        ]
                    }
                ]
            }
        ]
    }
}