CVE-2023-40040
low-risk
Published 2023-09-11
An issue was discovered in the MyCrops HiGrade "THC Testing & Cannabi" application 1.0.337 for Android. A remote attacker can start the camera feed via the com.cordovaplugincamerapreview.CameraActivity component in some situations. NOTE: this is only exploitable on Android versions that lack runtime permission checks, and of those only Android SDK 5.1.1 API 22 is consistent with the manifest. Thus, this applies only to Android Lollipop, affecting less than five percent of Android devices as of 2023.
Do I need to act?
0.10% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 5.3/10 · Medium · NETWORK / LOW complexity
Affected Products (1)
Higrade
Affected Vendors
References (2)
Third Party Advisory
https://github.com/actuator/cve/blob/main/CVE-2023-40040
Third Party Advisory
https://github.com/actuator/cve/blob/main/CVE-2023-40040
26 / 100
low-risk
Severity
21/34 · High
Exploitability
0/34 · Minimal
Exposure
5/34 · Minimal