CVE-2009-2348

Android 1.5 CRBxx - Unauthenticated Permission Bypass via Camera and Microphone Access

Title source: llm
STIX 2.1

Description

Android 1.5 CRBxx allows local users to bypass the (1) Manifest.permission.CAMERA (aka android.permission.CAMERA) and (2) Manifest.permission.AUDIO_RECORD (aka android.permission.RECORD_AUDIO) configuration settings by installing and executing an application that does not make a permission request before using the camera or microphone.

Scores

EPSS 0.0036
EPSS Percentile 28.0%

Details

CWE
CWE-94
Status published
Products (1)
google/android 1.5
Published Jul 17, 2009
Tracked Since Feb 18, 2026