Remote Information Disclosure Vulnerability in SwitchBot by SWITCHBOT INC
CVE-2024-48786

Currently unrated

Key Information:

Vendor: SWITCHBOT INC
Status: SwitchBot
Vendor: CVE Published:; 11 October 2024

🔔 Create SWITCHBOT INC Vulnerability Alert

What is CVE-2024-48786?

A vulnerability has been identified in the SwitchBot application (version 5.0.4) by SWITCHBOT INC that allows an attacker to remotely gain access to sensitive information through the firmware update mechanism. This issue poses a significant risk, as it could enable malicious actors to exploit the update process and extract confidential data without user knowledge. Users of SwitchBot are advised to remain vigilant and monitor for any security updates or patches.

References

http://switchbot.com

https://github.com/HankJames/Vul-Reports/blob/main/Firmwa...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 11, 2024
Vulnerability Reserved
Oct 8, 2024

JSON