CVE Catalog
CVE-2024-48786
CriticalCVSS 9.1Exploitation Probability (EPSS)
Low risk0.49%
38th percentile - higher than 38% of all known CVEs
Summary
A vulnerability in the SwitchBot app (version 5.0.4) allows a remote attacker to obtain sensitive information during the firmware update process.
Risk Assessment
The organization risks exposure of confidential data that could be leveraged for further attacks on IoT devices or network infrastructure.
Recommendation
Immediately update the SwitchBot app to the latest available version and monitor network traffic during firmware updates.
Original NVD description (English source)
An issue in SWITCHBOT INC SwitchBot (com.theswitchbot.switchbot) 5.0.4 allows a remote attacker to obtain sensitive information via the firmware update process.

