CVE-2023-38290

Name of the Vulnerable Software and Affected Versions com.evenwell.fqc version 9.0208.01 com.evenwell.fqc version 9.0209.13 com.evenwell.fqc version 9.0212.03

Description The vulnerability in the com.evenwell.fqc app allows local third-party apps to execute arbitrary shell commands in its context due to inadequate access control. No permissions or special privileges are necessary to exploit this issue. The vulnerability enables local apps to access sensitive functionality, such as granting arbitrary permissions, installing arbitrary apps, video recording the screen, wiping the device, injecting arbitrary input events, calling emergency phone numbers, disabling apps, and accessing notifications.

Recommendations For com.evenwell.fqc version 9.0208.01, consider disabling the com.evenwell.fqc/.activity.ClickTest activity and restricting access to the com.evenwell.fqc/.FQCService service component to minimize the risk of exploitation. For com.evenwell.fqc version 9.0209.13, consider disabling the com.evenwell.fqc/.activity.ClickTest activity and restricting access to the com.evenwell.fqc/.FQCService service component to minimize the risk of exploitation. For com.evenwell.fqc version 9.0212.03, consider disabling the com.evenwell.fqc/.activity.ClickTest activity and restricting access to the com.evenwell.fqc/.FQCService service component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.