The com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Android mishandles external intents through WebView. This allows attackers to execute arbitrary code, create arbitrary files. and perform arbitrary downloads via JavaScript that uses takeBlobDownloadData.
References
Link | Resource |
---|---|
https://github.com/actuator/com.phlox.tvwebbrowser | Exploit Third Party Advisory |
https://github.com/actuator/com.phlox.tvwebbrowser/blob/main/CWE-94.md | Exploit Third Party Advisory |
https://github.com/actuator/com.phlox.tvwebbrowser/blob/main/poc.apk | Exploit Third Party Advisory |
https://github.com/truefedex/tv-bro/pull/182#issue-1901769895 | Issue Tracking |
Configurations
History
09 Jan 2024, 20:06
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:fedirtsapana:tv_bro:*:*:*:*:*:android:*:* | |
First Time |
Fedirtsapana tv Bro
Fedirtsapana |
|
CWE | CWE-94 | |
References | () https://github.com/actuator/com.phlox.tvwebbrowser - Exploit, Third Party Advisory | |
References | () https://github.com/actuator/com.phlox.tvwebbrowser/blob/main/CWE-94.md - Exploit, Third Party Advisory | |
References | () https://github.com/actuator/com.phlox.tvwebbrowser/blob/main/poc.apk - Exploit, Third Party Advisory | |
References | () https://github.com/truefedex/tv-bro/pull/182#issue-1901769895 - Issue Tracking | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
Summary |
|
27 Dec 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-27 21:15
Updated : 2024-01-09 20:06
NVD link : CVE-2023-43955
Mitre link : CVE-2023-43955
CVE.ORG link : CVE-2023-43955
JSON object : View
Products Affected
fedirtsapana
- tv_bro
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')