ByteOS Network

Vulnerability Details :

CVE-2023-36620

Assigner-mitre

Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At-03 Nov, 2023 | 00:00

Updated At-05 Sep, 2024 | 15:03

An issue was discovered in the Boomerang Parental Control application before 13.83 for Android. The app is missing the android:allowBackup="false" attribute in the manifest. This allows the user to backup the internal memory of the app to a PC. This gives the user access to the API token that is used to authenticate requests to the API.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:mitre

Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At:03 Nov, 2023 | 00:00

Updated At:05 Sep, 2024 | 15:03

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
https://sec-consult.com/blog/detail/the-hidden-costs-of-parental-control-apps/	N/A
https://useboomerang.com/	N/A
https://seclists.org/fulldisclosure/2023/Jul/12	N/A

Hyperlink: https://sec-consult.com/blog/detail/the-hidden-costs-of-parental-control-apps/

Resource: N/A

Hyperlink: https://useboomerang.com/

Resource: N/A

Hyperlink: https://seclists.org/fulldisclosure/2023/Jul/12

Resource: N/A

▼Authorized Data Publishers (ADP)

1. CVE Program Container

References

Hyperlink	Resource
https://sec-consult.com/blog/detail/the-hidden-costs-of-parental-control-apps/	x_transferred
https://useboomerang.com/	x_transferred
https://seclists.org/fulldisclosure/2023/Jul/12	x_transferred

Hyperlink: https://sec-consult.com/blog/detail/the-hidden-costs-of-parental-control-apps/

Resource:

x_transferred

Hyperlink: https://useboomerang.com/

Resource:

x_transferred

Hyperlink: https://seclists.org/fulldisclosure/2023/Jul/12

Resource:

x_transferred

2. CISA ADP Vulnrichment

Problem Types

Type	CWE ID	Description
CWE	CWE-284	CWE-284 Improper Access Control

Type: CWE

CWE ID: CWE-284

Description: CWE-284 Improper Access Control

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cve@mitre.org

Published At:03 Nov, 2023 | 04:15

Updated At:05 Sep, 2024 | 15:35

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	4.6	MEDIUM	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Type: Primary

Version: 3.1

Base score: 4.6

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CPE Matches

nationaledtech>>boomerang>>Versions before 13.83(exclusive)

cpe:2.3:a:nationaledtech:boomerang:*:*:*:*:*:android:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov
CWE-284	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: NVD-CWE-noinfo

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-284

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

References

Hyperlink	Source	Resource
https://sec-consult.com/blog/detail/the-hidden-costs-of-parental-control-apps/	cve@mitre.org	Third Party Advisory
https://seclists.org/fulldisclosure/2023/Jul/12	cve@mitre.org	Exploit Mailing List Third Party Advisory
https://useboomerang.com/	cve@mitre.org	Product

Hyperlink: https://sec-consult.com/blog/detail/the-hidden-costs-of-parental-control-apps/

Source: cve@mitre.org

Resource:

Third Party Advisory

Hyperlink: https://seclists.org/fulldisclosure/2023/Jul/12

Source: cve@mitre.org

Resource:

Exploit

Mailing List

Third Party Advisory

Hyperlink: https://useboomerang.com/

Source: cve@mitre.org

Resource:

Product

Similar CVEs

10Records found

CVE-2024-21483

Matching Score-4

Assigner-Siemens

View Details

Matching Score-4

Assigner-Siemens

CVSS Score-5.1||MEDIUM

EPSS-0.08% / 25.11%

7 Day CHG~0.00%

Published-12 Mar, 2024 | 10:21

Updated-15 Apr, 2025 | 15:27

A vulnerability has been identified in SENTRON 7KM PAC3120 AC/DC (7KM3120-0BA01-1DA0) (All versions >= V3.2.3 < V3.2.4 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)), SENTRON 7KM PAC3120 DC (7KM3120-1BA01-1EA0) (All versions >= V3.2.3 < V3.2.4 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)), SENTRON 7KM PAC3220 AC/DC (7KM3220-0BA01-1DA0) (All versions >= V3.2.3 < V3.2.4 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)), SENTRON 7KM PAC3220 DC (7KM3220-1BA01-1EA0) (All versions >= V3.2.3 < V3.2.4 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)). The read out protection of the internal flash of affected devices was not properly set at the end of the manufacturing process. An attacker with physical access to the device could read out the data.

Vendor-Siemens AG

Product-SENTRON 7KM PAC3120 DC SENTRON 7KM PAC3220 AC/DC SENTRON 7KM PAC3120 AC/DC SENTRON 7KM PAC3220 DC

CWE ID-CWE-284

Improper Access Control

CVE-2023-6259

Matching Score-4

Assigner-Security Risk Advisors (SRA)

View Details

Matching Score-4

Assigner-Security Risk Advisors (SRA)

CVSS Score-7.1||HIGH

EPSS-0.01% / 1.72%

7 Day CHG~0.00%

Published-19 Feb, 2024 | 21:28

Updated-01 Apr, 2025 | 15:36

Local Access to Sensitive Data in Brivo ACS100 and ACS300

Insufficiently Protected Credentials, : Improper Access Control vulnerability in Brivo ACS100, ACS300 allows Password Recovery Exploitation, Bypassing Physical Security.This issue affects ACS100, ACS300: from 5.2.4 before 6.2.4.3.

Vendor-brivo Brivo brivo

Product-acs100 acs300 acs100_firmware acs300_firmware ACS100, ACS300 acs300_firmware acs100_firmware

CWE ID-CWE-284

Improper Access Control

CWE ID-CWE-522

Insufficiently Protected Credentials

CVE-2023-34469

Matching Score-4

Assigner-AMI

View Details

Matching Score-4

Assigner-AMI

CVSS Score-4.9||MEDIUM

EPSS-0.07% / 21.59%

7 Day CHG~0.00%

Published-12 Sep, 2023 | 15:21

Updated-24 Sep, 2024 | 20:36

Cold Rest Vulnerabiltiy

AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper access control via the physical network. A successful exploit of this vulnerability may lead to a loss of confidentiality.

Vendor-AMI

Product-aptio_v AptioV

CWE ID-CWE-284

Improper Access Control

CVE-2023-27879

Matching Score-4

Assigner-Intel Corporation

View Details

Matching Score-4

Assigner-Intel Corporation

CVSS Score-6.8||MEDIUM

EPSS-0.10% / 28.00%

7 Day CHG~0.00%

Published-14 Nov, 2023 | 19:04

Updated-02 Aug, 2024 | 12:23

Improper access control in firmware for some Intel(R) Optane(TM) SSD products may allow an unauthenticated user to potentially enable information disclosure via physical access.

Vendor-n/a Intel Corporation

Product-optane_memory_h20_with_solid_state_storage optane_ssd_dc_p4800x_firmware optane_ssd_dc_p4801x_firmware optane_ssd_905p optane_ssd_dc_p4801x optane_memory_h20_with_solid_state_storage_firmware optane_ssd_dc_p4800x optane_ssd_905p_firmware Intel(R) Optane(TM) SSD products

CWE ID-CWE-284

Improper Access Control

CVE-2022-39900

Matching Score-4

Assigner-Samsung Mobile

View Details

Matching Score-4

Assigner-Samsung Mobile

CVSS Score-4.6||MEDIUM

EPSS-0.07% / 22.80%

7 Day CHG~0.00%

Published-08 Dec, 2022 | 00:00

Updated-23 Apr, 2025 | 15:34

Improper access control vulnerability in Nice Catch prior to SMR Dec-2022 Release 1 allows physical attackers to access contents of all toast generated in the application installed in Secure Folder through Nice Catch.

Vendor-Google LLC Samsung Electronics

Product-android Samsung Mobile Devices

CWE ID-CWE-284

Improper Access Control

CVE-2022-36851

Matching Score-4

Assigner-Samsung Mobile

View Details

Matching Score-4

Assigner-Samsung Mobile

CVSS Score-3.9||LOW

EPSS-0.11% / 30.07%

7 Day CHG~0.00%

Published-09 Sep, 2022 | 14:40

Updated-03 Aug, 2024 | 10:14

Improper access control vulnerability in Samsung pass prior to version 4.0.03.1 allow physical attackers to access data of Samsung pass on a certain state of an unlocked device.

Vendor-Samsung Samsung Electronics

Product-samsung_pass Samsung pass

CWE ID-CWE-284

Improper Access Control

CVE-2024-1153

Matching Score-4

Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)

View Details

Matching Score-4

Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)

CVSS Score-4.3||MEDIUM

EPSS-0.06% / 17.46%

7 Day CHG~0.00%

Published-27 Jun, 2024 | 13:09

Updated-16 Sep, 2024 | 17:39

Improper Access Control in Talya Informatics' Travel APPS

Improper Access Control vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel APPS: before v17.0.68.

Vendor-talyabilisim Talya Informatics

Product-travel_apps Travel APPS

CWE ID-CWE-284

Improper Access Control

CVE-2025-25730

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-4.6||MEDIUM

EPSS-0.03% / 7.57%

7 Day CHG~0.00%

Published-27 Feb, 2025 | 00:00

Updated-28 Feb, 2025 | 20:15

An issue in Motorola Mobility Droid Razr HD (Model XT926) System Version: 9.18.94.XT926.Verizon.en.US allows physically proximate unauthorized attackers to access USB debugging, leading to control of the host device itself.

Vendor-n/a

Product-n/a

CWE ID-CWE-284

Improper Access Control

CVE-2022-25831

Matching Score-4

Assigner-Samsung Mobile

View Details

Matching Score-4

Assigner-Samsung Mobile

CVSS Score-2||LOW

EPSS-0.02% / 3.58%

7 Day CHG~0.00%

Published-11 Apr, 2022 | 19:36

Updated-03 Aug, 2024 | 04:49

Improper access control vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to access secured data in certain conditions.

Vendor-Google LLC Samsung Electronics

Product-android Samsung Mobile Devices

CWE ID-CWE-284

Improper Access Control

CVE-2025-21213

Matching Score-4

Assigner-Microsoft Corporation

View Details

Matching Score-4

Assigner-Microsoft Corporation

CVSS Score-4.6||MEDIUM

EPSS-0.14% / 35.09%

7 Day CHG~0.00%

Published-14 Jan, 2025 | 18:04

Updated-02 Apr, 2025 | 13:23

Secure Boot Security Feature Bypass Vulnerability

Vendor-Microsoft Corporation

Product-windows_server_2016 windows_10_1507 windows_10_22h2 windows_10_1607 windows_11_23h2 windows_server_2019 windows_server_2022 windows_10_1809 windows_11_24h2 windows_server_2025 windows_11_22h2 windows_server_2012 windows_10_21h2 windows_server_2022_23h2 Windows 11 version 22H3 Windows 10 Version 1607 Windows Server 2022 Windows 11 version 22H2 Windows Server 2016 Windows Server 2012 R2 Windows Server 2012 Windows 10 Version 1507 Windows 10 Version 21H2 Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 11 Version 23H2 Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2019 Windows Server 2019 (Server Core installation)Windows Server 2025 Windows 10 Version 22H2 Windows Server 2025 (Server Core installation)Windows 10 Version 1809 Windows Server 2012 R2 (Server Core installation)Windows 11 Version 24H2

CWE ID-CWE-284

Improper Access Control

CVE-2023-36620

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs