Vulnerabilities > CVE-2023-42469 - Missing Authorization vulnerability in Fulldive Full Dialer 1.0.1

047910
CVSS 3.3 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
LOW
Availability impact
NONE
local
low complexity
fulldive
CWE-862
NVD
Published: 2023-09-13
Updated: 2024-11-21

Summary

The com.full.dialer.top.secure.encrypted application through 1.0.1 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.full.dialer.top.secure.encrypted.activities.DialerActivity component.

Vulnerable Configurations

Part Description Count
Application
Fulldive
1

Common Weakness Enumeration (CWE)

References