CVE-2026-3674 - Vulnerability Details

- Freedom Factory dGEN1 org.ethosmobile.ethoslauncher FakeAppProvider improper authorization

Description

A vulnerability was found in Freedom Factory dGEN1 up to 20260221. Affected by this vulnerability is the function FakeAppProvider of the component org.ethosmobile.ethoslauncher. Performing a manipulation results in improper authorization. The attack must be initiated from a local position. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Published: 2026-03-07

Score: 4.8 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The FakeAppProvider function in org.ethosmobile.ethoslauncher allows local manipulation that bypasses authorization checks, giving a local user access to actions that should require higher privileges. This improper authorization can lead to unintended operation execution or data access that the attacker is not entitled to. The weakness corresponds to common authorization flaws defined in CWE‑266 and CWE‑285.

Affected Systems

The vulnerability affects Freedom Factory dGEN1 devices running firmware versions up to 20260221. No other versions or products are listed as affected. The issue resides in the org.ethosmobile.ethoslauncher component of the device’s operating environment.

Risk and Exploitability

CVSS scores of 4.8 mark the issue as moderate in severity, while an EPSS of less than 1% indicates that real‑world exploitation is currently expected to be rare. Because the attack requires local access and no public exploit has yet been documented beyond the disclosed manipulation, the immediate risk is low, but the vendor has not released a fix and has not responded to notification. The vulnerability’s presence in the system is therefore a potential risk for anyone who can log into the device locally, and mitigation steps should be taken even in the absence of an official patch.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Freedom Factory

dGEN1

affected

Version	Status	Constraints
`20260221`	affected	—

No data.

Vendor Product Confidence Versions

Freedom Factory

Dgen1

100%

Version	Status	Scheme	Platform
`20260221`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Restrict local user privileges to prevent manipulation of org.ethosmobile.ethoslauncher components.
Disable or remove the FakeAppProvider module if it is not required for device operation.
Monitor device logs for unexpected invocations of FakeAppProvider and investigate anomalies.
Apply any vendor‑issued update or patch as soon as it becomes available.

Generated by OpenCVE AI on April 16, 2026 at 04:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Local

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00017.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://gist.github.com/Lytes/571902a31a3d543da009554a82f2d00c
https://vuldb.com/?ctiid.349570
https://vuldb.com/?id.349570
https://vuldb.com/?submit.764700

History

Wed, 11 Mar 2026 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 09 Mar 2026 10:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Freedom Factory Freedom Factory dgen1
Vendors & Products		Freedom Factory Freedom Factory dgen1

Sat, 07 Mar 2026 21:45:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was found in Freedom Factory dGEN1 up to 20260221. Affected by this vulnerability is the function FakeAppProvider of the component org.ethosmobile.ethoslauncher. Performing a manipulation results in improper authorization. The attack must be initiated from a local position. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title		Freedom Factory dGEN1 org.ethosmobile.ethoslauncher FakeAppProvider improper authorization
Weaknesses		CWE-266 CWE-285
References		https://gist.github.com/Lytes/571902a31a3d543da009554a82f2d00c https://vuldb.com/?ctiid.349570 https://vuldb.com/?id.349570 https://vuldb.com/?submit.764700
Metrics		cvssV2_0 `{'score': 4.3, 'vector': 'AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 5.3, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Freedom Factory Dgen1

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-03-07T21:32:15.126Z

Updated: 2026-03-11T16:28:26.733Z

Reserved: 2026-03-06T21:15:18.655Z

Link: CVE-2026-3674

Vulnrichment

Updated: 2026-03-11T16:22:59.379Z

NVD

Status : Deferred

Published: 2026-03-07T22:15:50.350

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-3674

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T04:45:16Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Local

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object