Vulnerability Description
Certain software builds for the TCL 20XE Android device contain a vulnerable, pre-installed app with a package name of com.tct.gcs.hiddenmenuproxy (versionCode='2', versionName='v11.0.1.0.0201.0') that allows local third-party apps to programmatically perform a factory reset due to inadequate access control. No permissions or special privileges are necessary to exploit the vulnerability in the com.tct.gcs.hiddenmenuproxy app. No user interaction is required beyond installing and running a third-party app. The software build fingerprints for each confirmed vulnerable build are as follows: TCL/5087Z_BO/Doha_TMO:11/RP1A.200720.011/PB7I-0:user/release-keys and TCL/5087Z_BO/Doha_TMO:11/RP1A.200720.011/PB83-0:user/release-keys. This malicious app sends a broadcast intent to the exported com.tct.gcs.hiddenmenuproxy/.rtn.FactoryResetReceiver receiver component, which initiates a programmatic factory reset.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://media.defcon.org/DEF%20CON%2031/DEF%20CON%2031%20presentations/Ryan%20Jo
- https://media.defcon.org/DEF%20CON%2031/DEF%20CON%2031%20presentations/Ryan%20Jo
FAQ
What is CVE-2023-38292?
CVE-2023-38292 is a vulnerability with a CVSS score of 8.7 (HIGH). Certain software builds for the TCL 20XE Android device contain a vulnerable, pre-installed app with a package name of com.tct.gcs.hiddenmenuproxy (versionCode='2', versionName='v11.0.1.0.0201.0') tha...
How severe is CVE-2023-38292?
CVE-2023-38292 has been rated HIGH with a CVSS base score of 8.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-38292?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.