CVE-2026-3671 - Vulnerability Details

- Freedom Factory dGEN1 org.ethereumphone.walletmanager.testing123 TokenBalanceContentProvider improper authorization

Description

A flaw has been found in Freedom Factory dGEN1 up to 20260221. Affected by this vulnerability is the function TokenBalanceContentProvider of the component org.ethereumphone.walletmanager.testing123. Executing a manipulation can lead to improper authorization. The attack requires local access. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Published: 2026-03-07

Score: 4.8 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The flaw resides in the TokenBalanceContentProvider function of the org.ethereumphone.walletmanager.testing123 component. An attacker with local access can manipulate requests to this function and obtain unauthorized authorization, effectively bypassing intended access controls and gaining privileged access to token balance information. The vulnerability stems from insufficient permission validation, corresponding to privilege management weaknesses.

Affected Systems

Freedom Factory dGEN1 devices up to the build date 20260221 are affected. All earlier releases using the org.ethereumphone.walletmanager.testing123 component are potentially vulnerable; no additional version detail beyond the last known build date is provided.

Risk and Exploitability

The vulnerability has a CVSS score of 4.8, indicating moderate severity. The EPSS score is under 1 %, suggesting a low probability of exploitation at this time. It is not listed in the CISA KEV catalog, meaning there are no confirmed widespread attacks. The attack vector is local; an attacker must already have physical or local network access to the device to trigger the improper authorization. Given the moderate severity but low exploitation likelihood, the overall risk is considered moderate but should not be ignored, especially in environments with unattended devices.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Freedom Factory

dGEN1

affected

Version	Status	Constraints
`20260221`	affected	—

No data.

Vendor Product Confidence Versions

Freedom Factory

Dgen1

100%

Version	Status	Scheme	Platform
`20260221`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update Freedom Factory dGEN1 to a version released after 20260221 or apply any vendor‑supplied patch that addresses inadequate authorization in the TokenBalanceContentProvider.
If no patch is available, restrict local device access by isolating the device from the network and controlling physical access to prevent local attackers from exploiting the flaw.
Disable or remove the org.ethereumphone.walletmanager.testing123 component until a fix is issued, ensuring that no privileged function is left exposed through local manipulation.
Monitor system logs for repeated unauthorized access attempts to the TokenBalanceContentProvider and investigate any suspicious activity promptly.

Generated by OpenCVE AI on April 16, 2026 at 04:32 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00016.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://gist.github.com/Lytes/0a270c1d6e65a7312147b5d128dd34b6
https://vuldb.com/?ctiid.349559
https://vuldb.com/?id.349559
https://vuldb.com/?submit.764705

History

Wed, 11 Mar 2026 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 09 Mar 2026 10:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Freedom Factory Freedom Factory dgen1
Vendors & Products		Freedom Factory Freedom Factory dgen1

Sat, 07 Mar 2026 21:45:00 +0000

Type	Values Removed	Values Added
Description		A flaw has been found in Freedom Factory dGEN1 up to 20260221. Affected by this vulnerability is the function TokenBalanceContentProvider of the component org.ethereumphone.walletmanager.testing123. Executing a manipulation can lead to improper authorization. The attack requires local access. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title		Freedom Factory dGEN1 org.ethereumphone.walletmanager.testing123 TokenBalanceContentProvider improper authorization
Weaknesses		CWE-266 CWE-285
References		https://gist.github.com/Lytes/0a270c1d6e65a7312147b5d128dd34b6 https://vuldb.com/?ctiid.349559 https://vuldb.com/?id.349559 https://vuldb.com/?submit.764705
Metrics		cvssV2_0 `{'score': 1.7, 'vector': 'AV:L/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 3.3, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Freedom Factory Dgen1

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-03-07T21:32:08.805Z

Updated: 2026-03-11T16:28:38.122Z

Reserved: 2026-03-06T20:53:38.372Z

Link: CVE-2026-3671

Vulnrichment

Updated: 2026-03-11T16:23:03.959Z

NVD

Status : Deferred

Published: 2026-03-07T22:15:49.927

Modified: 2026-04-22T21:27:27.950

Link: CVE-2026-3671

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T04:45:16Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object