CVE-2026-3674 identifies an improper authorization vulnerability in the Freedom Factory dGEN1 product, version up to 20260221. The vulnerability resides in the FakeAppProvider function within the org.ethosmobile.ethoslauncher component. Due to insufficient authorization checks, a local attacker with limited privileges can manipulate the function to perform unauthorized actions. The attack vector requires local access and low complexity to exploit, with no need for user interaction or elevated privileges beyond local access rights. The vulnerability affects confidentiality, integrity, and availability at a limited scope, as the attacker can potentially access or modify restricted resources or disrupt normal operations within the local environment. The vendor was contacted early but has not responded or issued a patch, and a public exploit is available, increasing the risk of exploitation. The CVSS v4.0 base score is 4.8, reflecting a medium severity level, with attack vector local (AV:L), low attack complexity (AC:L), no privileges required (PR:L), no user interaction (UI:N), and low impact on confidentiality, integrity, and availability (C:L, I:L, A:L). No known exploits in the wild have been reported to date. The lack of vendor response and public exploit availability necessitate immediate mitigation efforts by affected organizations.

The vulnerability allows a local attacker with limited privileges to bypass authorization controls, potentially accessing or modifying sensitive data or disrupting system functions within the affected component. While the impact is limited to local access scenarios, the improper authorization can lead to unauthorized actions that compromise confidentiality, integrity, and availability of the affected system. Organizations relying on Freedom Factory dGEN1 may face risks of insider threats or attackers who have gained local access through other means. The absence of a vendor patch and public exploit availability increases the likelihood of exploitation attempts. This could result in data leakage, unauthorized configuration changes, or service disruptions, impacting operational stability and security posture.

1. Restrict local access to systems running Freedom Factory dGEN1 to trusted users only, enforcing strict access controls and monitoring. 2. Implement host-based intrusion detection and prevention systems to detect anomalous behavior related to the FakeAppProvider function. 3. Employ application whitelisting and privilege separation to limit the ability of local users to manipulate sensitive components. 4. Regularly audit and review local user permissions and remove unnecessary accounts or privileges. 5. Monitor logs for unusual activity indicative of exploitation attempts targeting the FakeAppProvider. 6. Engage with Freedom Factory for updates or patches and consider isolating affected systems until a fix is available. 7. If possible, apply compensating controls such as sandboxing or containerization to limit the impact of potential exploitation. 8. Educate local users about the risks of unauthorized manipulation and enforce strict endpoint security policies.