Description
A certain software build for the Sharp Rouvo V device (SHARP/VZW_STTM21VAPP/STTM21VAPP:12/SP1A.210812.016/1KN0_0_530:user/release-keys) leaks the Wi-Fi MAC address and the Bluetooth MAC address to system properties that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from directly obtaining non-resettable device identifiers in Android 10 and higher, but in this instance they are leaked by a high-privilege process and can be obtained indirectly. This malicious app reads from the "ro.boot.wifi_mac" system property to indirectly obtain the Wi-Fi MAC address and reads the "ro.boot.bt_mac" system property to obtain the Bluetooth MAC address.
INFO
Published Date :
2024-04-22T00:00:00.000Z
Last Modified :
2025-03-27T21:08:47.726Z
Source :
mitre
AFFECTED PRODUCTS
The following products are affected by CVE-2023-38302 vulnerability.
No data.
REFERENCES
Here, you will find a curated list of external links that provide in-depth information to CVE-2023-38302.