stordoff 1 day ago

FWIW, there seems to have another attempt (about a year later) to bring these issues to the company's attention, also without success:

> 1st September 2023 - Initial contact - Multiple points of contact within eLinkSmart e-mailed with a high-level description of the issues and proof-of-concept code.

> 19th September 2023 - Follow-up after no response from vendor.

> 11th October 2023 - Follow-up after no response from vendor. Intention to publicise findings communicated.

> 8th December 2023 - Public presentation of findings at BSides London.

> 6th February 2024 - Blog post publication.

https://labs.withsecure.com/publications/elinksmart---unlock...

1
moonsword 1 day ago

Wild, that the SQLi was still there...