This repo describes a vulnerability affecting the QR code based pairing process of the eWeLink IoT devices (CVE-2020-12702).
eWeLink mobile Application - Incorrect Access Control Vulnerability (CVE-2021-27941) Unconstrained Web access to the device's private encryption key in the QR code pairing mode in the eWeLink mobile application (through 492 on Android and through 491 on iOS) allows a physically proximate attacker to eavesdrop on Wi-Fi credentials and other sensitive information by moni