CVE-2023-40040

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Sep 11, 2023

Updated: Sep 13, 2023

CWE ID 862

Summary

CVE-2023-40040 is a vulnerability affecting the MyCrops HiGrade "THC Testing & Cannabi" Android application version 1.0.337. A remote attacker can trigger the camera feed through the com.cordovaplugincamerapreview.CameraActivity component under specific conditions. However, this vulnerability is only exploitable on Android devices running versions that lack runtime permission checks, specifically Android SDK 5.1.1 API 22 (Android Lollipop), which accounts for less than five percent of Android devices as of 2023.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sRHYwx
https://www.cve.org/CVERecord?id=CVE-2023-40040
https://nvd.nist.gov/vuln/detail/CVE-2023-40040

Back to Vulnerability Database

CVE-2023-40040

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations