CVE-2023-42469

LOW

Fulldive Full Dialer - Missing Authorization

Title source: rule

Description

The com.full.dialer.top.secure.encrypted application through 1.0.1 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.full.dialer.top.secure.encrypted.activities.DialerActivity component.

Exploits (1)

nomisec WRITEUP 1 stars

by actuator · poc

https://github.com/actuator/com.full.dialer.top.secure.encrypted

View Code ZIP pw:eip

References (4)

Core 4

Core References

Exploit

https://github.com/actuator/com.full.dialer.top.secure.encrypted

Exploit

https://github.com/actuator/com.full.dialer.top.secure.encrypted/blob/main/dial.gif

Exploit

https://github.com/actuator/com.full.dialer.top.secure.encrypted/blob/main/poc.apk

Third Party Advisory

https://github.com/actuator/cve/blob/main/CVE-2023-42469

Scores

CVSS v3 3.3

EPSS 0.0007

EPSS Percentile 20.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-862

Status published

Products (1)

fulldive/full_dialer 1.0.1

Published Sep 13, 2023

Tracked Since Feb 18, 2026