Details of VAR-202105-0825

ID

VAR-202105-0825

CVE

CVE-2021-27941

TITLE

eWeLink Mobile application Authentication Vulnerability in Microsoft

Trust: 0.8

sources: JVNDB: JVNDB-2021-006558

DESCRIPTION

Unconstrained Web access to the device's private encryption key in the QR code pairing mode in the eWeLink mobile application (through 4.9.2 on Android and through 4.9.1 on iOS) allows a physically proximate attacker to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring the Wi-Fi spectrum during a device pairing process. eWeLink Mobile application Contains an improper authentication vulnerability.Information may be obtained

Trust: 1.71

sources: NVD: CVE-2021-27941 // JVNDB: JVNDB-2021-006558 // VULMON: CVE-2021-27941

IOT TAXONOMY

category:

['vehicle device']

sub_category:

mobile device

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	coolkit	model:	ewelink	scope:	lte	version:	4.9.1	Trust: 1.0
vendor:	coolkit	model:	ewelink	scope:	lte	version:	4.9.2	Trust: 1.0
vendor:	coolkit	model:	ewelink	scope:	lte	version:	4.9.2 until (android)	Trust: 0.8
vendor:	coolkit	model:	ewelink	scope:	lte	version:	4.9.1 until (ios)	Trust: 0.8
vendor:	coolkit	model:	ewelink	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-006558 // NVD: CVE-2021-27941

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-27941
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-27941
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202105-291
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2021-27941
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2021-27941
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2021-27941
baseSeverity:	MEDIUM
baseScore:	4.6
vectorString:	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-27941
baseSeverity:	MEDIUM
baseScore:	4.6
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2021-27941 // JVNDB: JVNDB-2021-006558 // CNNVD: CNNVD-202105-291 // NVD: CVE-2021-27941

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.0
problemtype:	Bad authentication (CWE-863) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-006558 // NVD: CVE-2021-27941

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202105-291

PATCH

title:	eWeLink-Smart Home Google Play	url:	https://apps.apple.com/us/app/ewelink-smart-home/id1035163158	Trust: 0.8
title:	eWeLink-QR-Code	url:	https://github.com/salgio/eWeLink-QR-Code	Trust: 0.1

sources: VULMON: CVE-2021-27941 // JVNDB: JVNDB-2021-006558

EXTERNAL IDS

db:	NVD	id:	CVE-2021-27941	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-006558	Trust: 0.8
db:	CNNVD	id:	CNNVD-202105-291	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULMON	id:	CVE-2021-27941	Trust: 0.1

sources: OTHER: None // VULMON: CVE-2021-27941 // JVNDB: JVNDB-2021-006558 // CNNVD: CNNVD-202105-291 // NVD: CVE-2021-27941

REFERENCES

url:	https://github.com/salgio/ewelink-qr-code	Trust: 2.6
url:	https://apps.apple.com/us/app/ewelink-smart-home/id1035163158	Trust: 1.7
url:	https://play.google.com/store/apps/details?id=com.coolkit&hl=en_us	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-27941	Trust: 0.8
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/863.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: OTHER: None // VULMON: CVE-2021-27941 // JVNDB: JVNDB-2021-006558 // CNNVD: CNNVD-202105-291 // NVD: CVE-2021-27941

SOURCES

db:	OTHER	id:	-
db:	VULMON	id:	CVE-2021-27941
db:	JVNDB	id:	JVNDB-2021-006558
db:	CNNVD	id:	CNNVD-202105-291
db:	NVD	id:	CVE-2021-27941

LAST UPDATE DATE

2025-01-30T22:31:50.164000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-27941	date:	2021-05-14T00:00:00
db:	JVNDB	id:	JVNDB-2021-006558	date:	2022-01-13T03:29:00
db:	CNNVD	id:	CNNVD-202105-291	date:	2022-07-14T00:00:00
db:	NVD	id:	CVE-2021-27941	date:	2022-07-12T17:42:04.277

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-27941	date:	2021-05-06T00:00:00
db:	JVNDB	id:	JVNDB-2021-006558	date:	2022-01-13T00:00:00
db:	CNNVD	id:	CNNVD-202105-291	date:	2021-05-06T00:00:00
db:	NVD	id:	CVE-2021-27941	date:	2021-05-06T21:15:07.597