CVE-2023-36621

Published: Nov 3, 2023Modified: Nov 21, 2024

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Exploitability: 3.9 / Impact: 5.2

Source: NVD

Description

An issue was discovered in the Boomerang Parental Control application through 13.83 for Android. The child can use Safe Mode to remove all restrictions temporarily or uninstall the application without the parents noticing.

Affected (1)

Products: Nationaledtech: Boomerang

Nationaledtech

1 product

Boomerang

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Nationaledtech Boomerang	Before 13.83

Related CWEs

CWE-862

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (6)

https://sec-consult.com/blog/detail/the-hidden-costs-of-parental-control-apps/

Source: cve@mitre.org

Third Party Advisory

https://seclists.org/fulldisclosure/2023/Jul/12

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://useboomerang.com/

Source: cve@mitre.org

Product

https://sec-consult.com/blog/detail/the-hidden-costs-of-parental-control-apps/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://seclists.org/fulldisclosure/2023/Jul/12

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://useboomerang.com/

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.