Vulnerabilities > CVE-2023-52275 - Missing Authorization vulnerability in Tecno-Mobile Camon X Firmware

CVSS 2.1 - LOW

Attack vector

PHYSICAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

low complexity

tecno-mobile

CWE-862

NVD

Published: 2023-12-31

Updated: 2024-01-11

Summary

Gallery3d on Tecno Camon X CA7 devices allows attackers to view hidden images by navigating to data/com.android.gallery3d/.privatealbum/.encryptfiles and guessing the correct image file extension.

Vulnerable Configurations

Part	Description	Count
OS	Tecno-Mobile Tecno Mobile Camon X Firmware -	1
Hardware	Tecno-Mobile Tecno Mobile Camon X -	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://github.com/tahaafarooq/gallery3d-tecno-exploit/
https://hackmd.io/%40tahaafarooq/bypassing-gallery3d-in-tecno-camon-x