CVE-2023-38302

Name of the Vulnerable Software and Affected Versions Sharp Rouvo V device (SHARP/VZW STTM21VAPP/STTM21VAPP:12/SP1A.210812.016/1KN0 0 530:user/release-keys)

Description The issue concerns a software build that leaks the Wi-Fi MAC address and the Bluetooth MAC address to system properties. These properties can be accessed by any local app on the device without requiring permissions or special privileges. A malicious app can read from the ro.boot.wifi mac system property to obtain the Wi-Fi MAC address and from the ro.boot.bt mac system property to obtain the Bluetooth MAC address.

Recommendations For the Sharp Rouvo V device with the specified software build, consider restricting access to the system properties ro.boot.wifi mac and ro.boot.bt mac to prevent unauthorized apps from obtaining the Wi-Fi and Bluetooth MAC addresses. As a temporary workaround, avoid installing untrusted apps until a patch is available to fix the leak of device identifiers. At the moment, there is no information about a newer version that contains a fix for this vulnerability.