Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.8
Freedom Factory dGEN1: Unauthorized Access to Internal Data
CVE-2026-3667
Summary
A security flaw in Freedom Factory dGEN1 allows an attacker on the same network to access sensitive data without permission. This could lead to unauthorized access to confidential information. Update to the latest version of dGEN1 to fix this issue.
Original title
A security flaw has been discovered in Freedom Factory dGEN1 up to 20260221. The impacted element is the function FakeAppService of the component org.ethosmobile.ethoslauncher. The manipulation res...
Original description
A security flaw has been discovered in Freedom Factory dGEN1 up to 20260221. The impacted element is the function FakeAppService of the component org.ethosmobile.ethoslauncher. The manipulation results in improper authorization. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
nvd CVSS2.0
4.3
nvd CVSS3.1
5.3
nvd CVSS4.0
4.8
Vulnerability type
CWE-266
Incorrect Privilege Assignment
CWE-285
Improper Authorization
Published: 7 Mar 2026 · Updated: 13 Mar 2026 · First seen: 7 Mar 2026