https://db.gcve.eu/sightings/feed 2026-05-25T07:30:10.465686+00:00 Vulnerability-Lookup info@gcve.eu python-feedgen Contains only the most 10 recent sightings. https://db.gcve.eu/sighting/a5db741f-abbf-475c-8a39-74550c69591e/export 2026-05-25T07:30:10.951454+00:00 cedric http://db.gcve.eu/user/cedric {"uuid": "a5db741f-abbf-475c-8a39-74550c69591e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38302", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9223", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-38302\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A certain software build for the Sharp Rouvo V device (SHARP/VZW_STTM21VAPP/STTM21VAPP:12/SP1A.210812.016/1KN0_0_530:user/release-keys) leaks the Wi-Fi MAC address and the Bluetooth MAC address to system properties that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from directly obtaining non-resettable device identifiers in Android 10 and higher, but in this instance they are leaked by a high-privilege process and can be obtained indirectly. This malicious app reads from the \"ro.boot.wifi_mac\" system property to indirectly obtain the Wi-Fi MAC address and reads the \"ro.boot.bt_mac\" system property to obtain the Bluetooth MAC address.\n\ud83d\udccf Published: 2024-04-22T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-27T21:08:47.726Z\n\ud83d\udd17 References:\n1. https://media.defcon.org/DEF%20CON%2031/DEF%20CON%2031%20presentations/Ryan%20Johnson%20Mohamed%20Elsabagh%20Angelos%20Stavrou%20-%20Still%20Vulnerable%20Out%20of%20the%20Box%20Revisiting%20the%20Security%20of%20Prepaid%20Android%20Carrier%20Devices.pdf", "creation_timestamp": "2025-03-27T21:27:48.000000Z"} 2025-03-27T21:27:48+00:00