An issue was discovered in WiZ Colors A60 1.14.0. Wi-Fi credentials are stored in cleartext in flash memory, which presents an information-disclosure risk for a discarded or resold device.
An issue was discovered in WiZ Colors A60 1.14.0. The device sends unnecessary information to the cloud controller server. Although this information is sent encrypted and has low risk in isolation, it decreases the privacy of the end user. The information sent includes the local IP address being used and the SSID of the Wi-Fi network the device is connected to.
An issue was discovered in WiZ Colors A60 1.14.0. Applications use general logs to write all kinds of information to the terminal. The WiZ application also uses logs; however, instead of only generic information, API credentials are also written to the Android log. The information in the log can be used to perform authorized requests on behalf of the user and therefore to control the lights just as the user can with the application. Obtaining the information requires access to the device logs. This is most easily done via local access, and can also be done by other apps on rooted devices.