Freedom Factory CVE-2026-3670
LOWSeverity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
A vulnerability was detected in Freedom Factory dGEN1 up to 20260221. Affected is an unknown function of the component com.dgen.alarm. Performing a manipulation results in improper authorization. The attack requires a local approach. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Improper authorization in Freedom Factory dGEN1's com.dgen.alarm component (up to version 20260221) allows local authenticated users to bypass access controls and modify system settings. Public exploit code exists for this vulnerability, and the vendor has not provided a patch or responded to disclosure attempts. The attack requires local access and valid credentials but poses a moderate risk to system integrity and confidentiality.
Technical ContextAI
affects A vulnerability was detected in Freedom Factory dGEN1. was detected in Freedom Factory dGEN1 up to 20260221. Affected is an unknown function of the component com.dgen.alarm. Performing a manipulation results in improper authorization. The attack requires a local approach. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Affected ProductsAI
Product: A vulnerability was detected in Freedom Factory dGEN1. Versions: up to 20260221..
RemediationAI
Monitor vendor advisories for a patch.
Same weakness CWE-266 – Incorrect Privilege Assignment
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today