CVE-2023-35671

Description

In onHostEmulationData of HostEmulationManager.java, there is a possible way for a general purpose NFC reader to read the full card number and expiry details when the device is in locked screen mode due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

NVD
Severity: MEDIUM
CVE ID: CVE-2023-35671
CVSS Score: 5.5
CVSS Metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Refrence: NVD MITRE

Proof Of Concept

MrTiz

Android App Pin Security Issue Allowing Unauthorized Payments via Google Wallet

Refrence: GitHub

Description​

Proof Of Concept​

Description

Proof Of Concept