PT-2024-12699 · Itel+1 · Itel Vision 3 Turbo+1

Ryann Johnson · Published 2024-04-22 · Updated 2024-12-04 · CVE-2023-38294

CVSS v3.1: 6.1 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Itel Vision 3 Turbo Android device with pre-installed app com.transsion.autotest.factory version 1.8.0(220310 1027)

Description

The vulnerability in the com.transsion.autotest.factory app allows local third-party apps to execute arbitrary shell commands in its context due to inadequate access control. No permissions or special privileges are necessary to exploit this issue. The vulnerability enables local apps to access sensitive functionality, such as granting arbitrary permissions, installing arbitrary apps, video recording the screen, wiping the device, injecting arbitrary input events, calling emergency phone numbers, disabling apps, and accessing notifications. The confirmed vulnerable software build fingerprints for the Itel Vision 3 Turbo device are provided.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Incorrect Default Permissions

Related Identifiers

CVE-2023-38294

Affected Products

Itel Vision 3 Turbo
com.transsion.autotest.factory