PT-2021-11979 · Unknown · Gramaddict

N0Kovo · Published 2021-02-17 · Updated 2022-05-24 · CVE-2020-36245

CVSS v3.1: 8.8 High
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: GramAddict versions 1.2.3 and earlier
Description: The issue allows remote attackers to execute arbitrary code because of the use of UIAutomator2 and ATX-Agent. The attacker must be able to reach TCP port 7912, for example, by being on the same Wi-Fi network.
Recommendations: For GramAddict versions 1.2.3 and earlier, update to version 1.2.5 or later to resolve the issue. As a temporary workaround, consider restricting access to TCP port 7912 to minimize the risk of exploitation.

Exploit

Fix

Code Injection

Missing Authentication

Weakness Enumeration

Related Identifiers

CVE-2020-36245
GHSA-Q5H6-49GG-2WFG
PYSEC-2021-65

Affected Products

Gramaddict