How severe is CVE-2023-44126?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2023-44126?

This is classified as CWE-925, which is a common weakness in software security.

CVE-2023-44126

MEDIUM Year: 2023

CVSS v3 Score

5.5

Medium

Weakness Type

CWE-925

View all →

Vulnerability Description

The vulnerability is that the Call management ("com.android.server.telecom") app patched by LG sends a lot of LG-owned implicit broadcasts that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as call states, durations, called numbers, contacts info, etc.

CVE-2024-20853

MEDIUM

CVSS:5.1(Medium)

Improper verification of intent by broadcast receiver vulnerability in ThemeStore prior to 5.3.05.2 allows local attackers to write arbitrary files to sandbox of ThemeStore.

CWE-9252024

CVE-2024-20853

MEDIUM

CVSS:5.1(Medium)

Improper verification of intent by broadcast receiver vulnerability in ThemeStore prior to 5.3.05.2 allows local attackers to write arbitrary files to sandbox of ThemeStore.

CWE-9252024

CVE-2024-10576

CRITICAL

Infinix devices contain a pre-loaded "com.transsion.agingfunction" application, that exposes an unsecured broadcast receiver. An attacker can communicate with the receiver and force the device to perf...

CWE-9252024

CVE-2023-44126

Vulnerability Description

Related Vulnerabilities

CVE-2024-20853

CVE-2024-20853

CVE-2024-10576