Elink Smart eSmartCam App Vulnerable to AES Encryption Defeat
CVE-2024-25731

7.5 HIGH

Key Information:

CVE Published: 5 March 2024

What is CVE-2024-25731?

The Elink Smart eSmartCam application for Android, specifically version 2.1.5, contains hardcoded AES encryption keys in its binary files. Attackers can extract these keys and use them to decrypt sensitive data. As a result, an attacker able to intercept network traffic, such as Wi-Fi packets, can read the encrypted information, potentially compromising user privacy and security. The flaw shows why secure key management matters in application development: a key embedded in a distributed binary cannot prevent unauthorized access to confidential data.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published