
Freedom Factory dGEN1: Unauthorized Access Risk from Local Execution

CVE-2026-3675
Summary

An improper authorization flaw in the FakeAppReceiver function of Freedom Factory dGEN1 (component org.ethosmobile.ethoslauncher) allows an attacker to bypass authorization checks. The attack must be launched locally, from the same device. A malicious user can then access areas of the system they are not authorized to use. Freedom Factory has not yet responded to the vulnerability disclosure, so it is unclear when a fix will be available. In the meantime, users should be cautious when using the software and consider taking additional security measures to protect their system.

Original title
A vulnerability was determined in Freedom Factory dGEN1 up to 20260221. Affected by this issue is the function FakeAppReceiver of the component org.ethosmobile.ethoslauncher. Executing a manipulati...
Original description
A vulnerability was determined in Freedom Factory dGEN1 up to 20260221. Affected by this issue is the function FakeAppReceiver of the component org.ethosmobile.ethoslauncher. Executing a manipulation can lead to improper authorization. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
NVD CVSS 2.0: 4.3
NVD CVSS 3.1: 5.3
NVD CVSS 4.0: 4.8
Vulnerability type
CWE-266 Incorrect Privilege Assignment
CWE-285 Improper Authorization
Published: 7 Mar 2026 · Updated: 13 Mar 2026 · First seen: 7 Mar 2026