What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2023-40040.

What is the severity of CVE-2023-40040?

The severity of CVE-2023-40040 is medium.

What is the affected software for CVE-2023-40040?

The affected software for CVE-2023-40040 is MyCrops HiGrade application version 1.0.337 for Android.

Is CVE-2023-40040 exploitable on all Android versions?

No, CVE-2023-40040 is only exploitable on Android versions that lack runtime.

Vulnerability/
CVE-2023-40040

medium

5.3

CWE

862

11/9/2023

26/9/2024

CVE-2023-40040

First published: Mon Sep 11 2023(Updated: )

An issue was discovered in the MyCrops HiGrade "THC Testing & Cannabi" application 1.0.337 for Android. A remote attacker can start the camera feed via the com.cordovaplugincamerapreview.CameraActivity component in some situations. NOTE: this is only exploitable on Android versions that lack runtime permission checks, and of those only Android SDK 5.1.1 API 22 is consistent with the manifest. Thus, this applies only to Android Lollipop, affecting less than five percent of Android devices as of 2023.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
MyCrops HiGrade	=1.0.337
Google Android	>=5.0<=5.1.1

Never miss a vulnerability like this again

Reference Links

https://github.com/actuator/cve/blob/main/CVE-2023-40040

Frequently Asked Questions

What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-40040.
What is the severity of CVE-2023-40040?
The severity of CVE-2023-40040 is medium.
What is the affected software for CVE-2023-40040?
The affected software for CVE-2023-40040 is MyCrops HiGrade application version 1.0.337 for Android.
How can a remote attacker exploit CVE-2023-40040?
A remote attacker can start the camera feed via the com.cordovaplugincamerapreview.CameraActivity component in some situations.
Is CVE-2023-40040 exploitable on all Android versions?
No, CVE-2023-40040 is only exploitable on Android versions that lack runtime.

agent/references
agent/severity
agent/weakness
agent/author
agent/type
agent/event
agent/description
agent/softwarecombine
agent/first-publish-date
agent/last-modified-date
collector/nvd-api
agent/software-canonical-lookup-request
collector/nvd-index
agent/tags
collector/mitre-cve
source/MITRE
vendor/mycrops
canonical/mycrops higrade
version/mycrops higrade/1.0.337
vendor/google
canonical/google android
version/google android/5.0
version/google android/5.1.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.