Skip to main content

Freedom Factory CVE-2026-3667

LOW
Incorrect Privilege Assignment (CWE-266)
2026-03-07 cna@vuldb.com
1.9
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
1.9 LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

5
Severity Changed
Apr 29, 2026 - 01:11 NVD
MEDIUM LOW
CVSS changed
Apr 29, 2026 - 01:11 NVD
4.8 (MEDIUM) 1.9 (LOW)
CVSS changed
Apr 22, 2026 - 21:37 NVD
5.3 (MEDIUM) 4.8 (MEDIUM)
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
CVE Published
Mar 07, 2026 - 16:15 nvd
MEDIUM 5.3

DescriptionCVE.org

A security flaw has been discovered in Freedom Factory dGEN1 up to 20260221. The impacted element is the function FakeAppService of the component org.ethosmobile.ethoslauncher. The manipulation results in improper authorization. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Improper authorization in the FakeAppService function of Freedom Factory dGEN1 (up to version 20260221) allows local users with standard privileges to gain unauthorized access to protected resources. Public exploit code is available for this vulnerability, though no patch has been released by the vendor despite early notification.

Technical ContextAI

affects A security flaw has been discovered in Freedom Factory dGEN1. A security flaw has been discovered in Freedom Factory dGEN1 up to 20260221. The impacted element is the function FakeAppService of the component org.ethosmobile.ethoslauncher. The manipulation results in improper authorization. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Affected ProductsAI

Product: A security flaw has been discovered in Freedom Factory dGEN1. Versions: up to 20260221..

RemediationAI

Monitor vendor advisories for a patch.

Share

CVE-2026-3667 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy