Insufficient Verification of Data Authenticity vulnerability in TECNO Mobile com.Afmobi.Boomplayer allows Authentication Bypass.This issue affects com.Afmobi.Boomplayer: 7.4.63.
The vulnerability results from insufficient verification of data authenticity (CWE-345) in the com.Afmobi.Boomplayer application version 7.4.63. A remote attacker, without authentication and without user interaction, can provide crafted data that is not properly verified for authenticity. As a result, the authentication mechanism is bypassed, and the attacker gains unauthorized access to protected functions or application resources.
An attacker can gain unauthorized access to application resources, potentially leading to confidentiality breach, data modification, or service disruption without possessing any permissions.
Update the Boomplay application to a version higher than 7.4.63. Detailed information about available patches can be found on the manufacturer's website: https://security.tecno.com/SRC/securityUpdates
Boomplay application (com.Afmobi.Boomplayer) version 7.4.63 on Android platform (TECNO Mobile).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HTecno Boomplay
APPTecno≤ 7.4.63
Related vulnerabilities
Brak uwierzytelnienia w aplikacji systemowej Tecno HiOS (com.transsion.kolun.aiservice)
Interface exposure vulnerability in the mobile application (com.transsion.carlcare) may lead to information l...
The mobile application (com.transsnet.store) has a man-in-the-middle attack vulnerability, which may lead to c...
The Tecno Spark Pro Android device with a build fingerprint of TECNO/H3722/TECNO-K8:7.0/NRD90M/K8-H3722ABCDE-N...
Unprotected service in the AudioLink component allows a local attacker to overwrite system files via unauthori...