CVE-2023-52275

LOW

Tecno Camon X CA7 Gallery3d - Unauthenticated Hidden Image Exposure via Private Album Directory

Title source: llm

Description

Gallery3d on Tecno Camon X CA7 devices allows attackers to view hidden images by navigating to data/com.android.gallery3d/.privatealbum/.encryptfiles and guessing the correct image file extension.

References (2)

Core 2

Core References

Exploit

https://github.com/tahaafarooq/gallery3d-tecno-exploit/

View Exploit ZIP pw:eip

Exploit

https://hackmd.io/%40tahaafarooq/bypassing-gallery3d-in-tecno-camon-x

Scores

CVSS v3 2.1

EPSS 0.0028

EPSS Percentile 19.8%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-862

Status published

Products (1)

tecno-mobile/camon_x_firmware

Published Dec 31, 2023

Tracked Since Feb 18, 2026