How severe is CVE-2024-13917?

This vulnerability has a severity rating of HIGH with a CVSS score of N/A out of 10.

What type of vulnerability is CVE-2024-13917?

This is classified as CWE-926, which is a common weakness in software security.

CVE-2024-13917 - HIGH Severity | CVSS N/A

Vulnerability Description

An application "com.pri.applock", which is pre-loaded on Kruger&Matz smartphones, allows a user to encrypt any application using user-provided PIN code or by using biometric data. Exposed ”com.pri.applock.LockUI“ activity allows any other malicious application, with no granted Android system permissions, to inject an arbitrary intent with system-level privileges to a protected application. One must know the protecting PIN number (it might be revealed by exploiting CVE-2024-13916) or ask the user to provide it. Vendor did not provide information about vulnerable versions. Only version (version name: 13, version code: 33) was tested and confirmed to have this vulnerability

Related Vulnerabilities

CVE-2021-25400

HIGH

CVSS:7.8(High)

Intent redirection vulnerability in Samsung Internet prior to version 14.0.1.20 allows attacker to execute privileged action.

CWE-9262021

CVE-2021-25388

HIGH

CVSS:7.1(High)

Improper caller check vulnerability in Knox Core prior to SMR MAY-2021 Release 1 allows attackers to install arbitrary app.

CWE-9262021

CVE-2024-36437

MEDIUM

CVSS:6.5(Medium)

The com.enflick.android.TextNow (aka TextNow: Call + Text Unlimited) application 24.17.0.2 for Android enables any installed application (with no permissions) to place phone calls without user interac...

CWE-9262024

CVE-2023-44121

MEDIUM

CVSS:6.3(Medium)

The vulnerability is an intent redirection in LG ThinQ Service ("com.lge.lms2") in the "com/lge/lms/things/ui/notification/NotificationManager.java" file. This vulnerability could be exploited by a th...

CWE-9262023

CVE-2021-25397

MEDIUM

CVSS:5.5(Medium)

An improper access control vulnerability in TelephonyUI prior to SMR MAY-2021 Release 1 allows local attackers to write arbitrary files of telephony process via untrusted applications.

CWE-9262021

CVE-2021-25526

MEDIUM

CVSS:5.5(Medium)

Intent redirection vulnerability in Samsung Blockchain Wallet prior to version 1.3.02.8 allows attacker to execute privileged action.

CWE-9262021