CVE-2023-42469

LOW

full_dialer <= 1.0.1 - Unauthenticated Phone Call Placement via Crafted Intent

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-42469. PoCs published by actuator.

AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2023-42469, an improper input validation vulnerability in the 'Full Dialer' Android app (v1.0.1). The report includes code snippets, CWE mappings, and recommendations for mitigation.

Description

The com.full.dialer.top.secure.encrypted application through 1.0.1 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.full.dialer.top.secure.encrypted.activities.DialerActivity component.

Exploits (1)

nomisec WRITEUP 1 stars
by actuator · poc
https://github.com/actuator/com.full.dialer.top.secure.encrypted

This repository provides a detailed technical analysis of CVE-2023-42469, an improper input validation vulnerability in the 'Full Dialer' Android app (v1.0.1). The report includes code snippets, CWE mappings, and recommendations for mitigation.

Classification
Writeup 95%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Full Dialer v1.0.1
No auth needed
Prerequisites: Access to the same device as the vulnerable app
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4

Scores

CVSS v3 3.3
EPSS 0.0031
EPSS Percentile 22.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-862
Status published
Products (1)
fulldive/full_dialer 1.0.1
Published Sep 13, 2023
Tracked Since Feb 18, 2026