CVE-2020-0394

HIGH

Android - Tapjacking via BluetoothPairingDialog Insecure Default

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 4 public exploits for CVE-2020-0394. PoCs published by pazhanivel07, ShaikUsaf.

AI-analyzed exploit summary The repository contains source code files from the Android Settings app, specifically focusing on CVE-2020-0394. The code includes various classes and components, but no explicit exploit or proof-of-concept is present. The files appear to be part of a technical analysis or patch review.

Description

In onCreate of BluetoothPairingDialog.java, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege and untrusted devices accessing contact lists with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-155648639

Exploits (4)

gitlab WRITEUP
by pazhanivel07 · poc
https://gitlab.com/pazhanivel07/Settings_10-r33_CVE-2020-0394_02

The repository contains source code files from the Android Settings app, specifically focusing on CVE-2020-0394. The code includes various classes and components, but no explicit exploit or proof-of-concept is present. The files appear to be part of a technical analysis or patch review.

Classification
Writeup 90%
Attack Type
Other
Complexity
Moderate
Reliability
Theoretical
Target: Android Settings (version 10-r33)
No auth needed
Prerequisites: Access to the Android Settings app source code
devstral-2 · analyzed Feb 23, 2026 Full analysis →
nomisec WORKING POC
by pazhanivel07 · poc
https://github.com/pazhanivel07/Settings_10-r33_CVE-2020-0394_02

This repository contains a proof-of-concept exploit for CVE-2020-0394, a vulnerability in Android Settings. The exploit appears to target a privilege escalation or intent redirection flaw, likely involving the ActivityPicker component.

Classification
Working Poc 90%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Android Settings (version 10-r33)
No auth needed
Prerequisites: Access to a vulnerable Android device · Ability to install or run the exploit code
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by pazhanivel07 · poc
https://github.com/pazhanivel07/Settings_10-r33_CVE-2020-0394

This repository contains a proof-of-concept exploit for CVE-2020-0394, a vulnerability in Android Settings. The exploit appears to target a privilege escalation or arbitrary activity launch flaw, leveraging intents and package manager interactions.

Classification
Working Poc 90%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Android Settings (version 10-r33)
No auth needed
Prerequisites: Access to a vulnerable Android device · Ability to install or run the exploit code
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by ShaikUsaf · poc
https://github.com/ShaikUsaf/packages_apps_settings_AOSP10_r33_CVE-2020-0394

This repository contains a proof-of-concept exploit for CVE-2020-0394, targeting Android's Settings app. The exploit leverages a vulnerability in the ActivityPicker component to achieve arbitrary code execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Android Settings app (AOSP10_r33)
No auth needed
Prerequisites: Access to the target device · Ability to send malicious intents
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v3 7.8
EPSS 0.0027
EPSS Percentile 18.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-1188 CWE-1021
Status published
Products (4)
google/android 8.0
google/android 8.1
google/android 9.0
google/android 10.0
Published Sep 17, 2020
Tracked Since Feb 18, 2026