CVE-2023-40040

Name of the Vulnerable Software and Affected Versions MyCrops HiGrade "THC Testing & Cannabi" application version 1.0.337

Description An issue was discovered in the MyCrops HiGrade "THC Testing & Cannabi" application for Android, where a remote attacker can start the camera feed via the com.cordovaplugincamerapreview.CameraActivity component in some situations. This issue is only exploitable on Android versions that lack runtime permission checks, specifically Android SDK 5.1.1 API 22, which applies to Android Lollipop. It affects less than five percent of Android devices as of 2023.

Recommendations As a temporary workaround, consider disabling the com.cordovaplugincamerapreview.CameraActivity component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.