← Back
2026-03-07 18:32CVE-2026-3670VulDB
PUBLISHED5.2CWE-285CWE-266

Freedom Factory dGEN1 com.dgen.alarm improper authorization

A vulnerability was detected in Freedom Factory dGEN1 up to 20260221. Affected is an unknown function of the component com.dgen.alarm. Performing a manipulation results in improper authorization. The attack requires a local approach. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Problem type

Affected products

Freedom Factory

dGEN1

20260221 - AFFECTED

References

VDB-349558 | Freedom Factory dGEN1 com.dgen.alarm improper authorization

https://vuldb.com/?id.349558

vdb-entry
VDB-349558 | CTI Indicators (IOB, IOC, TTP)

https://vuldb.com/?ctiid.349558

signaturepermissions-required
Submit #764704 | Freedom Factory dGEN1 phone 1 Denial of Service

https://vuldb.com/?submit.764704

third-party-advisory
gist.github.com

https://gist.github.com/Lytes/0accda73c896ea137db832dc4d81345c

exploit

GitHub Security Advisories

GHSA-rgpf-x2pq-6m4q

A vulnerability was detected in Freedom Factory dGEN1 up to 20260221. Affected is an unknown...

https://github.com/advisories/GHSA-rgpf-x2pq-6m4q

A vulnerability was detected in Freedom Factory dGEN1 up to 20260221. Affected is an unknown function of the component com.dgen.alarm. Performing a manipulation results in improper authorization. The attack requires a local approach. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

nvd.nist.gov

https://nvd.nist.gov/vuln/detail/CVE-2026-3670

gist.github.com

https://gist.github.com/Lytes/0accda73c896ea137db832dc4d81345c

vuldb.com

https://vuldb.com/?ctiid.349558

vuldb.com

https://vuldb.com/?id.349558

vuldb.com

https://vuldb.com/?submit.764704

github.com

https://github.com/advisories/GHSA-rgpf-x2pq-6m4q

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-3670
Click to expand
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-3670",
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "dateUpdated": "2026-03-07T18:32:10.175Z",
    "dateReserved": "2026-03-06T20:53:32.678Z",
    "datePublished": "2026-03-07T18:32:10.175Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB",
        "dateUpdated": "2026-03-07T18:32:10.175Z"
      },
      "title": "Freedom Factory dGEN1 com.dgen.alarm improper authorization",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was detected in Freedom Factory dGEN1 up to 20260221. Affected is an unknown function of the component com.dgen.alarm. Performing a manipulation results in improper authorization. The attack requires a local approach. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
        }
      ],
      "affected": [
        {
          "vendor": "Freedom Factory",
          "product": "dGEN1",
          "modules": [
            "com.dgen.alarm"
          ],
          "versions": [
            {
              "version": "20260221",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Improper Authorization",
              "cweId": "CWE-285",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Incorrect Privilege Assignment",
              "cweId": "CWE-266",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://vuldb.com/?id.349558",
          "name": "VDB-349558 | Freedom Factory dGEN1 com.dgen.alarm improper authorization",
          "tags": [
            "vdb-entry"
          ]
        },
        {
          "url": "https://vuldb.com/?ctiid.349558",
          "name": "VDB-349558 | CTI Indicators (IOB, IOC, TTP)",
          "tags": [
            "signature",
            "permissions-required"
          ]
        },
        {
          "url": "https://vuldb.com/?submit.764704",
          "name": "Submit #764704 | Freedom Factory dGEN1 phone 1 Denial of Service",
          "tags": [
            "third-party-advisory"
          ]
        },
        {
          "url": "https://gist.github.com/Lytes/0accda73c896ea137db832dc4d81345c",
          "tags": [
            "exploit"
          ]
        }
      ],
      "metrics": [
        {},
        {
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM"
          }
        },
        {
          "cvssV3_0": {
            "version": "3.0",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM"
          }
        },
        {
          "cvssV2_0": {
            "version": "2.0",
            "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "baseScore": 4.3
          }
        }
      ],
      "timeline": [
        {
          "time": "2026-03-06T00:00:00.000Z",
          "lang": "en",
          "value": "Advisory disclosed"
        },
        {
          "time": "2026-03-06T01:00:00.000Z",
          "lang": "en",
          "value": "VulDB entry created"
        },
        {
          "time": "2026-03-06T21:58:39.000Z",
          "lang": "en",
          "value": "VulDB entry last update"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "VulDB",
          "type": "coordinator"
        }
      ]
    }
  }
}