Exploitation Summary
EIP tracks 1 public exploit for CVE-2024-50657. PoCs published by SAHALLL.
AI-analyzed exploit summary The PoC demonstrates an authentication bypass in Owncloud Android app v4.4.1 by hooking the `checkPassCodeIsValid` method in `PassCodeViewModel` using Frida to always return true, bypassing passcode validation.
Description
An issue in Owncloud android apk v.4.3.1 allows a physically proximate attacker to escalate privileges via the PassCodeViewModel class, specifically in the checkPassCodeIsValid method
Exploits (1)
nomisec
WORKING POC
by SAHALLL · poc
https://github.com/SAHALLL/CVE-2024-50657
The PoC demonstrates an authentication bypass in Owncloud Android app v4.4.1 by hooking the `checkPassCodeIsValid` method in `PassCodeViewModel` using Frida to always return true, bypassing passcode validation.
Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target:
Owncloud Android apk v4.4.1
No auth needed
Prerequisites:
Physical access to the device · Frida installed on the device · Owncloud app running
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (2)
Core 2
Core References
Various Sources
https://drive.google.com/drive/folders/1C-ZYjYhmKRGvWs9YN51XOiAS2WxxwdQd?usp=sharing
Various Sources
https://github.com/SAHALLL/CVE-2024-50657
Scores
CVSS v3
6.8
EPSS
0.0043
EPSS Percentile
34.1%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-276
Status
published
Published
Nov 22, 2024
Tracked Since
Feb 18, 2026