CVE-2023-49003

MEDIUM

Simple Mobile Tools Simple Dialer <5.18.1 - Auth Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-49003. PoCs published by actuator.

AI-analyzed exploit summary The repository contains a detailed technical analysis of CVE-2023-49003, describing how the `com.simplemobiletools.dialer` Android app's `DialerActivity` and `CallActionReceiver` can be manipulated via external intents to initiate, accept, or decline calls without user consent. It includes PoC code snippets and remediation recommendations.

Description

An issue in simplemobiletools Simple Dialer 5.18.1 allows an attacker to bypass intended access restrictions via interaction with com.simplemobiletools.dialer.activities.DialerActivity.

Exploits (1)

nomisec WRITEUP 1 stars

by actuator · poc

https://github.com/actuator/com.simplemobiletools.dialer

View Code ZIP pw:eip

The repository contains a detailed technical analysis of CVE-2023-49003, describing how the `com.simplemobiletools.dialer` Android app's `DialerActivity` and `CallActionReceiver` can be manipulated via external intents to initiate, accept, or decline calls without user consent. It includes PoC code snippets and remediation recommendations.

Classification

Writeup 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: com.simplemobiletools.dialer version 5.18.1

No auth needed

Prerequisites: ADB access or ability to send intents to the target app

MITRE ATT&CK

T1566.001 - Spearphishing Attachment

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit

https://github.com/actuator/com.simplemobiletools.dialer/blob/main/CWE-928.md

View Exploit ZIP pw:eip

Third Party Advisory

https://github.com/actuator/cve/blob/main/CVE-2023-49003

Scores

CVSS v3 5.3

EPSS 0.0050

EPSS Percentile 39.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Details

CWE

CWE-862

Status published

Products (1)

simplemobiletools/simple_dialer 5.18.1

Published Dec 27, 2023

Tracked Since Feb 18, 2026