Vulnerability Details : CVE-2023-40040
An issue was discovered in the MyCrops HiGrade "THC Testing & Cannabi" application 1.0.337 for Android. A remote attacker can start the camera feed via the com.cordovaplugincamerapreview.CameraActivity component in some situations. NOTE: this is only exploitable on Android versions that lack runtime permission checks, and of those only Android SDK 5.1.1 API 22 is consistent with the manifest. Thus, this applies only to Android Lollipop, affecting less than five percent of Android devices as of 2023.
Products affected by CVE-2023-40040
- cpe:2.3:a:mycrops:higrade:1.0.337:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-40040
0.10%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 41 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-40040
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
3.9
|
1.4
|
NIST |
CWE ids for CVE-2023-40040
-
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-40040
-
https://github.com/actuator/cve/blob/main/CVE-2023-40040
cve/CVE-2023-40040 at main · actuator/cve · GitHubThird Party Advisory
Jump to