How severe is CVE-2023-40040?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2023-40040?

This is classified as CWE-862, which is a common weakness in software security.

CVE-2023-40040 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

An issue was discovered in the MyCrops HiGrade "THC Testing & Cannabi" application 1.0.337 for Android. A remote attacker can start the camera feed via the com.cordovaplugincamerapreview.CameraActivity component in some situations. NOTE: this is only exploitable on Android versions that lack runtime permission checks, and of those only Android SDK 5.1.1 API 22 is consistent with the manifest. Thus, this applies only to Android Lollipop, affecting less than five percent of Android devices as of 2023.

Related Vulnerabilities

CVE-2017-1000105

MEDIUM

CVSS:5.3(Medium)

The optional Run/Artifacts permission can be enabled by setting a Java system property. Blue Ocean did not check this permission before providing access to archived artifacts, Item/Read permission was...

CWE-8622017

CVE-2017-8217

MEDIUM

CVSS:5.3(Medium)

TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n have too permissive iptables rules, e.g., SNMP is not blocked on any interface.

CWE-8622017

CVE-2018-1000022

MEDIUM

CVSS:5.3(Medium)

Electrum Technologies GmbH Electrum Bitcoin Wallet version prior to version 3.0.5 contains a Missing Authorization vulnerability in JSONRPC interface that can result in Bitcoin theft, if the user's wa...

CWE-8622018

CVE-2018-10207

MEDIUM

CVSS:5.3(Medium)

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. An attacker can exploit Missing Authorization on the FlexPaperViewer SWF reader, and export files that should have been restricted...

CWE-8622018

CVE-2018-18004

MEDIUM

CVSS:5.3(Medium)

Incorrect Access Control in mod_inetd.cgi in VIVOTEK Network Camera Series products with firmware before XXXXXX-VVTK-0X09a allows remote attackers to enable arbitrary system services via a URL paramet...

CWE-8622018

CVE-2018-21257

MEDIUM

CVSS:5.3(Medium)

An issue was discovered in Mattermost Server before 5.1. It allows attackers to bypass intended access restrictions (for setting a channel header) via the Channel header slash command API.

CWE-8622018