CVE Catalog

CVE-2024-48786

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.49%

38th percentile - higher than 38% of all known CVEs

Summary

A vulnerability in the SwitchBot app (version 5.0.4) allows a remote attacker to obtain sensitive information during the firmware update process.

Risk Assessment

The organization risks exposure of confidential data that could be leveraged for further attacks on IoT devices or network infrastructure.

Recommendation

Immediately update the SwitchBot app to the latest available version and monitor network traffic during firmware updates.

Original NVD description (English source)

An issue in SWITCHBOT INC SwitchBot (com.theswitchbot.switchbot) 5.0.4 allows a remote attacker to obtain sensitive information via the firmware update process.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS