Vulnerability Description
The com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Android mishandles external intents through WebView. This allows attackers to execute arbitrary code, create arbitrary files. and perform arbitrary downloads via JavaScript that uses takeBlobDownloadData.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fedirtsapana | Tv Bro | <= 2.0.0 |
Related Weaknesses (CWE)
References
- https://github.com/actuator/com.phlox.tvwebbrowserExploitThird Party Advisory
- https://github.com/actuator/com.phlox.tvwebbrowser/blob/main/CWE-94.mdExploitThird Party Advisory
- https://github.com/actuator/com.phlox.tvwebbrowser/blob/main/poc.apkExploitThird Party Advisory
- https://github.com/truefedex/tv-bro/pull/182#issue-1901769895Issue Tracking
- https://github.com/actuator/com.phlox.tvwebbrowserExploitThird Party Advisory
- https://github.com/actuator/com.phlox.tvwebbrowser/blob/main/CWE-94.mdExploitThird Party Advisory
- https://github.com/actuator/com.phlox.tvwebbrowser/blob/main/poc.apkExploitThird Party Advisory
- https://github.com/truefedex/tv-bro/pull/182#issue-1901769895Issue Tracking
FAQ
What is CVE-2023-43955?
CVE-2023-43955 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Android mishandles external intents through WebView. This allows attackers to execute arbitrary code, create arbitrary files. and perfor...
How severe is CVE-2023-43955?
CVE-2023-43955 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-43955?
Check the references section above for vendor advisories and patch information. Affected products include: Fedirtsapana Tv Bro.