Details of VAR-202312-2498

ID

VAR-202312-2498

CVE

CVE-2023-6998

TITLE

CoolKit Technology multiple of OS for eWeLink Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2023-024821

DESCRIPTION

Improper privilege management vulnerability in CoolKit Technology eWeLink on Android and iOS allows application lockscreen bypass.This issue affects eWeLink before 5.2.0. CoolKit Technology multiple of OS for eWeLink Exists in unspecified vulnerabilities.Information may be obtained and information may be tampered with

Trust: 1.71

sources: NVD: CVE-2023-6998 // JVNDB: JVNDB-2023-024821 // VULMON: CVE-2023-6998

IOT TAXONOMY

category:

application

sub_category:

mobile_app

Trust: 0.1

sources: OTHER: CVE-2023-6998

AFFECTED PRODUCTS

vendor:	coolkit	model:	ewelink	scope:	lt	version:	5.2.0	Trust: 1.1
vendor:	coolkit	model:	ewelink	scope:	eq	version:	-	Trust: 0.8
vendor:	coolkit	model:	ewelink	scope:	-	version:	-	Trust: 0.8
vendor:	coolkit	model:	ewelink	scope:	eq	version:	5.2.0	Trust: 0.8

sources: OTHER: CVE-2023-6998 // JVNDB: JVNDB-2023-024821 // NVD: CVE-2023-6998

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-6998
value:	HIGH
Trust: 1.0
cvd@cert.pl:	CVE-2023-6998
value:	HIGH
Trust: 1.0
NVD:	CVE-2023-6998
value:	HIGH
Trust: 0.8

nvd@nist.gov:	CVE-2023-6998
baseSeverity:	HIGH
baseScore:	7.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.5
impactScore:	5.2
version:	3.1
Trust: 2.0
NVD:	CVE-2023-6998
baseSeverity:	HIGH
baseScore:	7.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-024821 // NVD: CVE-2023-6998 // NVD: CVE-2023-6998

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-305	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-024821 // NVD: CVE-2023-6998

EXTERNAL IDS

db:	NVD	id:	CVE-2023-6998	Trust: 2.8
db:	JVNDB	id:	JVNDB-2023-024821	Trust: 0.8
db:	OTHER	id:	CVE-2023-6998	Trust: 0.1
db:	VULMON	id:	CVE-2023-6998	Trust: 0.1

sources: OTHER: CVE-2023-6998 // VULMON: CVE-2023-6998 // JVNDB: JVNDB-2023-024821 // NVD: CVE-2023-6998

REFERENCES

url:	https://cert.pl/en/posts/2023/12/cve-2023-6998/	Trust: 1.9
url:	https://cert.pl/posts/2023/12/cve-2023-6998/	Trust: 1.9
url:	https://ewelink.cc/app/	Trust: 1.9
url:	https://nvd.nist.gov/vuln/detail/cve-2023-6998	Trust: 0.8
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2023-6998 // JVNDB: JVNDB-2023-024821 // NVD: CVE-2023-6998

SOURCES

db:	OTHER	id:	CVE-2023-6998
db:	VULMON	id:	CVE-2023-6998
db:	JVNDB	id:	JVNDB-2023-024821
db:	NVD	id:	CVE-2023-6998

LAST UPDATE DATE

2024-10-10T23:21:47.893000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2023-6998	date:	2024-01-01T00:00:00
db:	JVNDB	id:	JVNDB-2023-024821	date:	2024-02-01T06:10:00
db:	NVD	id:	CVE-2023-6998	date:	2024-10-10T16:15:07.850

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2023-6998	date:	2023-12-30T00:00:00
db:	JVNDB	id:	JVNDB-2023-024821	date:	2024-02-01T00:00:00
db:	NVD	id:	CVE-2023-6998	date:	2023-12-30T19:15:08.303