Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
2.3
Freedom Factory dGEN1: Unsecured Access to Android Ethereum Feature
CVE-2026-3668
Summary
The Android Ethereum feature in Freedom Factory dGEN1 has a security flaw that allows unauthorized access. This could be exploited remotely, but it's not easy to do. Freedom Factory has not responded to the security team's notification, so it's unclear if they're working on a fix.
Original title
A weakness has been identified in Freedom Factory dGEN1 up to 20260221. This affects the function AndroidEthereum of the component org.ethosmobile.webpwaemul. This manipulation causes improper acce...
Original description
A weakness has been identified in Freedom Factory dGEN1 up to 20260221. This affects the function AndroidEthereum of the component org.ethosmobile.webpwaemul. This manipulation causes improper access controls. Remote exploitation of the attack is possible. The attack is considered to have high complexity. The exploitability is reported as difficult. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
nvd CVSS2.0
2.6
nvd CVSS3.1
3.1
nvd CVSS4.0
2.3
Vulnerability type
CWE-266
Incorrect Privilege Assignment
CWE-284
Improper Access Control
Published: 7 Mar 2026 · Updated: 13 Mar 2026 · First seen: 7 Mar 2026