CVE-2020-0453

MEDIUM

Android 8.0-9 - Local Information Disclosure via Unsafe PendingIntent in BeamTransferManager

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 4 public exploits for CVE-2020-0453. PoCs published by nanopathi, Trinadh465, pazhanivel07.

AI-analyzed exploit summary This repository contains source code files from the Android NFC stack, specifically focusing on the CVE-2020-0453 vulnerability. The files include implementations of synchronization primitives, data queues, and NFC-related functionality, but no explicit exploit code is present.

Description

In updateNotification of BeamTransferManager.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-8.0 Android-8.1Android ID: A-159060474

Exploits (4)

gitlab WRITEUP
by nanopathi · poc
https://gitlab.com/nanopathi/Packages_apps_Nfc_CVE-2020-0453

This repository contains source code files from the Android NFC stack, specifically focusing on the CVE-2020-0453 vulnerability. The files include implementations of synchronization primitives, data queues, and NFC-related functionality, but no explicit exploit code is present.

Classification
Writeup 90%
Attack Type
Other
Complexity
Moderate
Reliability
Theoretical
Target: Android NFC stack
No auth needed
Prerequisites: Access to vulnerable Android NFC stack
devstral-2 · analyzed Feb 23, 2026 Full analysis →
nomisec WORKING POC
by Trinadh465 · poc
https://github.com/Trinadh465/packages_apps_Nfc_AOSP10_r33_CVE-2020-0453

This repository contains a proof-of-concept exploit for CVE-2020-0453, targeting a vulnerability in the Android NFC component. The exploit involves modified source files from the AOSP NFC stack, likely demonstrating a memory corruption or logic flaw in the NCI (NFC Controller Interface) layer.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Android NFC (AOSP 10 r33)
No auth needed
Prerequisites: Physical proximity to the target device · NFC-enabled device running vulnerable Android version
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by nanopathi · poc
https://github.com/nanopathi/Packages_apps_Nfc_CVE-2020-0453

This repository contains a proof-of-concept exploit for CVE-2020-0453, a vulnerability in the Android NFC component. The exploit involves modified source files from the Android Open Source Project (AOSP) to demonstrate the flaw.

Classification
Working Poc 90%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Android NFC component (AOSP)
No auth needed
Prerequisites: Physical access or proximity to exploit NFC vulnerability
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by pazhanivel07 · poc
https://github.com/pazhanivel07/Nfc_CVE-2020-0453

This repository contains a proof-of-concept exploit for CVE-2020-0453, a vulnerability in Android's NFC component. The code includes modifications to NFC-related files, likely demonstrating a privilege escalation or memory corruption issue.

Classification
Working Poc 80%
Attack Type
Lpe
Complexity
Moderate
Reliability
Theoretical
Target: Android NFC component (version not specified)
No auth needed
Prerequisites: Physical access or proximity to exploit NFC vulnerability
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://source.android.com/security/bulletin/2020-11-01

Scores

CVSS v3 5.5
EPSS 0.0025
EPSS Percentile 16.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

Status published
Products (3)
google/android 8.0
google/android 8.1
google/android 9.0
Published Nov 10, 2020
Tracked Since Feb 18, 2026