CVE-2021-0383

Name of the Vulnerable Software and Affected Versions: Android versions Android-11

Description: The issue is related to a confused deputy in CaptivePortalLoginActivity.java, which could lead to local escalation of privilege in carrier settings. No additional execution privileges are needed for exploitation, and user interaction is not required.

Recommendations: For Android version Android-11, consider restricting access to the CaptivePortalLoginActivity to minimize the risk of exploitation until a patch is available. As a temporary workaround, review and limit the privileges assigned to carrier settings to reduce the potential impact of this issue.