Search criteria
7 vulnerabilities by Freedom Factory
CVE-2026-3675 (GCVE-0-2026-3675)
Vulnerability from cvelistv5 – Published: 2026-03-07 22:02 – Updated: 2026-03-07 22:02
VLAI?
Title
Freedom Factory dGEN1 org.ethosmobile.ethoslauncher FakeAppReceiver improper authorization
Summary
A vulnerability was determined in Freedom Factory dGEN1 up to 20260221. Affected by this issue is the function FakeAppReceiver of the component org.ethosmobile.ethoslauncher. Executing a manipulation can lead to improper authorization. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Freedom Factory | dGEN1 |
Affected:
20260221
|
Credits
VulDB
{
"containers": {
"cna": {
"affected": [
{
"modules": [
"org.ethosmobile.ethoslauncher"
],
"product": "dGEN1",
"vendor": "Freedom Factory",
"versions": [
{
"status": "affected",
"version": "20260221"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "coordinator",
"value": "VulDB"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in Freedom Factory dGEN1 up to 20260221. Affected by this issue is the function FakeAppReceiver of the component org.ethosmobile.ethoslauncher. Executing a manipulation can lead to improper authorization. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-07T22:02:06.960Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-349571 | Freedom Factory dGEN1 org.ethosmobile.ethoslauncher FakeAppReceiver improper authorization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.349571"
},
{
"name": "VDB-349571 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.349571"
},
{
"name": "Submit #764701 | Freedom Factory dGEN1 phone 1 Broken Authorization",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.764701"
},
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/Lytes/1078d9e16897ed95ad24143952adfba6"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-03-06T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-03-06T22:20:43.000Z",
"value": "VulDB entry last update"
}
],
"title": "Freedom Factory dGEN1 org.ethosmobile.ethoslauncher FakeAppReceiver improper authorization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-3675",
"datePublished": "2026-03-07T22:02:06.960Z",
"dateReserved": "2026-03-06T21:15:22.401Z",
"dateUpdated": "2026-03-07T22:02:06.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3674 (GCVE-0-2026-3674)
Vulnerability from cvelistv5 – Published: 2026-03-07 21:32 – Updated: 2026-03-07 21:32
VLAI?
Title
Freedom Factory dGEN1 org.ethosmobile.ethoslauncher FakeAppProvider improper authorization
Summary
A vulnerability was found in Freedom Factory dGEN1 up to 20260221. Affected by this vulnerability is the function FakeAppProvider of the component org.ethosmobile.ethoslauncher. Performing a manipulation results in improper authorization. The attack must be initiated from a local position. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Freedom Factory | dGEN1 |
Affected:
20260221
|
Credits
VulDB
{
"containers": {
"cna": {
"affected": [
{
"modules": [
"org.ethosmobile.ethoslauncher"
],
"product": "dGEN1",
"vendor": "Freedom Factory",
"versions": [
{
"status": "affected",
"version": "20260221"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "coordinator",
"value": "VulDB"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Freedom Factory dGEN1 up to 20260221. Affected by this vulnerability is the function FakeAppProvider of the component org.ethosmobile.ethoslauncher. Performing a manipulation results in improper authorization. The attack must be initiated from a local position. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-07T21:32:15.126Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-349570 | Freedom Factory dGEN1 org.ethosmobile.ethoslauncher FakeAppProvider improper authorization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.349570"
},
{
"name": "VDB-349570 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.349570"
},
{
"name": "Submit #764700 | Freedom Factory dGEN1 phone 1 Broken Authorization",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.764700"
},
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/Lytes/571902a31a3d543da009554a82f2d00c"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-03-06T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-03-06T22:20:41.000Z",
"value": "VulDB entry last update"
}
],
"title": "Freedom Factory dGEN1 org.ethosmobile.ethoslauncher FakeAppProvider improper authorization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-3674",
"datePublished": "2026-03-07T21:32:15.126Z",
"dateReserved": "2026-03-06T21:15:18.655Z",
"dateUpdated": "2026-03-07T21:32:15.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3671 (GCVE-0-2026-3671)
Vulnerability from cvelistv5 – Published: 2026-03-07 21:32 – Updated: 2026-03-07 21:32
VLAI?
Title
Freedom Factory dGEN1 org.ethereumphone.walletmanager.testing123 TokenBalanceContentProvider improper authorization
Summary
A flaw has been found in Freedom Factory dGEN1 up to 20260221. Affected by this vulnerability is the function TokenBalanceContentProvider of the component org.ethereumphone.walletmanager.testing123. Executing a manipulation can lead to improper authorization. The attack requires local access. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Freedom Factory | dGEN1 |
Affected:
20260221
|
Credits
VulDB
{
"containers": {
"cna": {
"affected": [
{
"modules": [
"org.ethereumphone.walletmanager.testing123"
],
"product": "dGEN1",
"vendor": "Freedom Factory",
"versions": [
{
"status": "affected",
"version": "20260221"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "coordinator",
"value": "VulDB"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in Freedom Factory dGEN1 up to 20260221. Affected by this vulnerability is the function TokenBalanceContentProvider of the component org.ethereumphone.walletmanager.testing123. Executing a manipulation can lead to improper authorization. The attack requires local access. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-07T21:32:08.805Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-349559 | Freedom Factory dGEN1 org.ethereumphone.walletmanager.testing123 TokenBalanceContentProvider improper authorization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.349559"
},
{
"name": "VDB-349559 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.349559"
},
{
"name": "Submit #764705 | Freedom Factory dGEN1 phone 1 Broken Authorization",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.764705"
},
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/Lytes/0a270c1d6e65a7312147b5d128dd34b6"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-03-06T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-03-06T21:58:42.000Z",
"value": "VulDB entry last update"
}
],
"title": "Freedom Factory dGEN1 org.ethereumphone.walletmanager.testing123 TokenBalanceContentProvider improper authorization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-3671",
"datePublished": "2026-03-07T21:32:08.805Z",
"dateReserved": "2026-03-06T20:53:38.372Z",
"dateUpdated": "2026-03-07T21:32:08.805Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3670 (GCVE-0-2026-3670)
Vulnerability from cvelistv5 – Published: 2026-03-07 18:32 – Updated: 2026-03-07 18:32
VLAI?
Title
Freedom Factory dGEN1 com.dgen.alarm improper authorization
Summary
A vulnerability was detected in Freedom Factory dGEN1 up to 20260221. Affected is an unknown function of the component com.dgen.alarm. Performing a manipulation results in improper authorization. The attack requires a local approach. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Freedom Factory | dGEN1 |
Affected:
20260221
|
Credits
VulDB
{
"containers": {
"cna": {
"affected": [
{
"modules": [
"com.dgen.alarm"
],
"product": "dGEN1",
"vendor": "Freedom Factory",
"versions": [
{
"status": "affected",
"version": "20260221"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "coordinator",
"value": "VulDB"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in Freedom Factory dGEN1 up to 20260221. Affected is an unknown function of the component com.dgen.alarm. Performing a manipulation results in improper authorization. The attack requires a local approach. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-07T18:32:10.175Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-349558 | Freedom Factory dGEN1 com.dgen.alarm improper authorization",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.349558"
},
{
"name": "VDB-349558 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.349558"
},
{
"name": "Submit #764704 | Freedom Factory dGEN1 phone 1 Denial of Service",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.764704"
},
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/Lytes/0accda73c896ea137db832dc4d81345c"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-03-06T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-03-06T21:58:39.000Z",
"value": "VulDB entry last update"
}
],
"title": "Freedom Factory dGEN1 com.dgen.alarm improper authorization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-3670",
"datePublished": "2026-03-07T18:32:10.175Z",
"dateReserved": "2026-03-06T20:53:32.678Z",
"dateUpdated": "2026-03-07T18:32:10.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3669 (GCVE-0-2026-3669)
Vulnerability from cvelistv5 – Published: 2026-03-07 18:32 – Updated: 2026-03-07 18:32
VLAI?
Title
Freedom Factory dGEN1 com.dgen.alarm AlarmService improper authorization
Summary
A security vulnerability has been detected in Freedom Factory dGEN1 up to 20260221. This impacts the function AlarmService of the component com.dgen.alarm. Such manipulation leads to improper authorization. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Freedom Factory | dGEN1 |
Affected:
20260221
|
Credits
VulDB
{
"containers": {
"cna": {
"affected": [
{
"modules": [
"com.dgen.alarm"
],
"product": "dGEN1",
"vendor": "Freedom Factory",
"versions": [
{
"status": "affected",
"version": "20260221"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "coordinator",
"value": "VulDB"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in Freedom Factory dGEN1 up to 20260221. This impacts the function AlarmService of the component com.dgen.alarm. Such manipulation leads to improper authorization. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-07T18:32:07.982Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-349557 | Freedom Factory dGEN1 com.dgen.alarm AlarmService improper authorization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.349557"
},
{
"name": "VDB-349557 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.349557"
},
{
"name": "Submit #764703 | Freedom Factory dGEN1 phone 1 Broken Authorization",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.764703"
},
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/Lytes/2bd9cb3faf89b114754f00292beabb38"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-03-06T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-03-06T21:58:34.000Z",
"value": "VulDB entry last update"
}
],
"title": "Freedom Factory dGEN1 com.dgen.alarm AlarmService improper authorization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-3669",
"datePublished": "2026-03-07T18:32:07.982Z",
"dateReserved": "2026-03-06T20:53:29.645Z",
"dateUpdated": "2026-03-07T18:32:07.982Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3668 (GCVE-0-2026-3668)
Vulnerability from cvelistv5 – Published: 2026-03-07 16:02 – Updated: 2026-03-07 16:02
VLAI?
Title
Freedom Factory dGEN1 org.ethosmobile.webpwaemul AndroidEthereum access control
Summary
A weakness has been identified in Freedom Factory dGEN1 up to 20260221. This affects the function AndroidEthereum of the component org.ethosmobile.webpwaemul. This manipulation causes improper access controls. Remote exploitation of the attack is possible. The attack is considered to have high complexity. The exploitability is reported as difficult. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Freedom Factory | dGEN1 |
Affected:
20260221
|
Credits
VulDB
{
"containers": {
"cna": {
"affected": [
{
"modules": [
"org.ethosmobile.webpwaemul"
],
"product": "dGEN1",
"vendor": "Freedom Factory",
"versions": [
{
"status": "affected",
"version": "20260221"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "coordinator",
"value": "VulDB"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in Freedom Factory dGEN1 up to 20260221. This affects the function AndroidEthereum of the component org.ethosmobile.webpwaemul. This manipulation causes improper access controls. Remote exploitation of the attack is possible. The attack is considered to have high complexity. The exploitability is reported as difficult. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-07T16:02:07.691Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-349556 | Freedom Factory dGEN1 org.ethosmobile.webpwaemul AndroidEthereum access control",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.349556"
},
{
"name": "VDB-349556 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.349556"
},
{
"name": "Submit #764702 | Freedom Factory dGEN1 phone 1 Information Disclosure",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.764702"
},
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/Lytes/5fc292cecdc561f5c010c1f3a8a7bf1d"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-03-06T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-03-06T21:58:27.000Z",
"value": "VulDB entry last update"
}
],
"title": "Freedom Factory dGEN1 org.ethosmobile.webpwaemul AndroidEthereum access control"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-3668",
"datePublished": "2026-03-07T16:02:07.691Z",
"dateReserved": "2026-03-06T20:53:14.565Z",
"dateUpdated": "2026-03-07T16:02:07.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3667 (GCVE-0-2026-3667)
Vulnerability from cvelistv5 – Published: 2026-03-07 15:32 – Updated: 2026-03-07 15:32
VLAI?
Title
Freedom Factory dGEN1 org.ethosmobile.ethoslauncher FakeAppService improper authorization
Summary
A security flaw has been discovered in Freedom Factory dGEN1 up to 20260221. The impacted element is the function FakeAppService of the component org.ethosmobile.ethoslauncher. The manipulation results in improper authorization. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Freedom Factory | dGEN1 |
Affected:
20260221
|
Credits
VulDB
{
"containers": {
"cna": {
"affected": [
{
"modules": [
"org.ethosmobile.ethoslauncher"
],
"product": "dGEN1",
"vendor": "Freedom Factory",
"versions": [
{
"status": "affected",
"version": "20260221"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "coordinator",
"value": "VulDB"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in Freedom Factory dGEN1 up to 20260221. The impacted element is the function FakeAppService of the component org.ethosmobile.ethoslauncher. The manipulation results in improper authorization. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-07T15:32:11.094Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-349555 | Freedom Factory dGEN1 org.ethosmobile.ethoslauncher FakeAppService improper authorization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.349555"
},
{
"name": "VDB-349555 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.349555"
},
{
"name": "Submit #764699 | Freedom Factory dGEN1 phone 1 Broken Authorization",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.764699"
},
{
"tags": [
"related"
],
"url": "https://gist.github.com/Lytes/a94219fa1de3f5173555d5a3e8058f01"
},
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/Lytes/571902a31a3d543da009554a82f2d00c"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-03-06T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-03-06T22:18:12.000Z",
"value": "VulDB entry last update"
}
],
"title": "Freedom Factory dGEN1 org.ethosmobile.ethoslauncher FakeAppService improper authorization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-3667",
"datePublished": "2026-03-07T15:32:11.094Z",
"dateReserved": "2026-03-06T20:53:00.230Z",
"dateUpdated": "2026-03-07T15:32:11.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}