CVE-2023-44124

LOW Year: 2023
CVSS v3 Score
3.3
Low
Weakness Type
CWE-927
View all →

Vulnerability Description

The vulnerability is to theft of arbitrary files with system privilege in the Screen recording ("com.lge.gametools.gamerecorder") app in the "com/lge/gametools/gamerecorder/settings/ProfilePreferenceFragment.java" file. The main problem is that the app launches implicit intents that can be intercepted by third-party apps installed on the same device. They also can return arbitrary data that will be passed to the "onActivityResult()" method. The Screen recording app saves contents of arbitrary URIs to SD card which is a world-readable storage.

Related Vulnerabilities

CVE-2022-33733

LOW
CVSS:3.3(Low)

Sensitive information exposure in onCharacteristicRead in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission.

CWE-9272022

CVE-2023-41817

LOW
CVSS:2.8(Low)

An improper export vulnerability was reported in the Motorola Phone Calls application that could allow a local attacker to read unauthorized information.

CWE-9272023

CVE-2023-41824

LOW
CVSS:2.8(Low)

An implicit intent vulnerability was reported in the Motorola Phone Calls application that could allow a local attacker to read the calling phone number and calling data.

CWE-9272023

CVE-2024-3480

LOW
CVSS:2.8(Low)

An Implicit intent vulnerability was reported in the Motorola framework that could allow an attacker to read telephony-related data.

CWE-9272024

CVE-2023-41828

MEDIUM
CVSS:4.4(Medium)

An implicit intent export vulnerability was reported in the Motorola Phone application, that could allow unauthorized access to a non-exported content provider.

CWE-9272023

CVE-2023-31014

MEDIUM
CVSS:4.8(Medium)

NVIDIA GeForce Now for Android contains a vulnerability in the game launcher component, where a malicious application on the same device can process the implicit intent meant for the streamer componen...

CWE-9272023