Freedom Factory dGEN1 com.dgen.alarm AlarmService improper authorization

A security vulnerability has been detected in Freedom Factory dGEN1 up to 20260221. This impacts the function AlarmService of the component com.dgen.alarm. Such manipulation leads to improper authorization. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Problem type

Affected products

Freedom Factory

dGEN1

20260221 - AFFECTED

References

VDB-349557 | Freedom Factory dGEN1 com.dgen.alarm AlarmService improper authorization

https://vuldb.com/?id.349557

vdb-entrytechnical-description

VDB-349557 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/?ctiid.349557

signaturepermissions-required

Submit #764703 | Freedom Factory dGEN1 phone 1 Broken Authorization

https://vuldb.com/?submit.764703

third-party-advisory

gist.github.com

https://gist.github.com/Lytes/2bd9cb3faf89b114754f00292beabb38

exploit

GitHub Security Advisories

GHSA-7pqm-gjrm-wf96

A security vulnerability has been detected in Freedom Factory dGEN1 up to 20260221. This impacts...

https://github.com/advisories/GHSA-7pqm-gjrm-wf96

nvd.nist.gov

https://nvd.nist.gov/vuln/detail/CVE-2026-3669

gist.github.com

https://gist.github.com/Lytes/2bd9cb3faf89b114754f00292beabb38

vuldb.com

https://vuldb.com/?ctiid.349557

vuldb.com

https://vuldb.com/?id.349557

vuldb.com

https://vuldb.com/?submit.764703

github.com

https://github.com/advisories/GHSA-7pqm-gjrm-wf96

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-3669

Click to expand

{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-3669",
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "dateUpdated": "2026-03-07T18:32:07.982Z",
    "dateReserved": "2026-03-06T20:53:29.645Z",
    "datePublished": "2026-03-07T18:32:07.982Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB",
        "dateUpdated": "2026-03-07T18:32:07.982Z"
      },
      "title": "Freedom Factory dGEN1 com.dgen.alarm AlarmService improper authorization",
      "descriptions": [
        {
          "lang": "en",
          "value": "A security vulnerability has been detected in Freedom Factory dGEN1 up to 20260221. This impacts the function AlarmService of the component com.dgen.alarm. Such manipulation leads to improper authorization. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
        }
      ],
      "affected": [
        {
          "vendor": "Freedom Factory",
          "product": "dGEN1",
          "modules": [
            "com.dgen.alarm"
          ],
          "versions": [
            {
              "version": "20260221",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Improper Authorization",
              "cweId": "CWE-285",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Incorrect Privilege Assignment",
              "cweId": "CWE-266",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://vuldb.com/?id.349557",
          "name": "VDB-349557 | Freedom Factory dGEN1 com.dgen.alarm AlarmService improper authorization",
          "tags": [
            "vdb-entry",
            "technical-description"
          ]
        },
        {
          "url": "https://vuldb.com/?ctiid.349557",
          "name": "VDB-349557 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ]
        },
        {
          "url": "https://vuldb.com/?submit.764703",
          "name": "Submit #764703 | Freedom Factory dGEN1 phone 1 Broken Authorization",
          "tags": [
            "third-party-advisory"
          ]
        },
        {
          "url": "https://gist.github.com/Lytes/2bd9cb3faf89b114754f00292beabb38",
          "tags": [
            "exploit"
          ]
        }
      ],
      "metrics": [
        {},
        {
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM"
          }
        },
        {
          "cvssV3_0": {
            "version": "3.0",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM"
          }
        },
        {
          "cvssV2_0": {
            "version": "2.0",
            "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "baseScore": 4.3
          }
        }
      ],
      "timeline": [
        {
          "time": "2026-03-06T00:00:00.000Z",
          "lang": "en",
          "value": "Advisory disclosed"
        },
        {
          "time": "2026-03-06T01:00:00.000Z",
          "lang": "en",
          "value": "VulDB entry created"
        },
        {
          "time": "2026-03-06T21:58:34.000Z",
          "lang": "en",
          "value": "VulDB entry last update"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "VulDB",
          "type": "coordinator"
        }
      ]
    }
  }
}