CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2024-8039

CVSS 9.8v3.1pub. 2024-09-14upd. 2026-04-15

Improper permission configurationDomain configuration vulnerability of the mobile application (com.afmobi.boomplayer) can lead to account takeover risks.

🤖 AI Analysis
How it works

Incorrect permissions configuration (CWE-732) in the mobile application BoomPlayer domain configuration enables an unauthorized attacker to execute an attack without authentication and without any user interaction. The attack vector is network-based, which means the exploit can be conducted remotely over the network. Improper permissions allow the attacker to gain unauthorized access to the victim's account.

Impact

An attacker can take full control of a BoomPlayer application user account, which is associated with potential loss of confidentiality, integrity, and availability of data associated with the account.

Mitigation & patch

Security patches available from the vendor should be applied in accordance with references published by TECNO Security (https://security.tecno.com/SRC/securityUpdates?type=SA). Users should update the BoomPlayer application to the version indicated by the vendor as secure.

Who is affected

BoomPlayer mobile application (com.afmobi.boomplayer) — versions indicated in vendor references (TECNO Security).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References