Improper permission configurationDomain configuration vulnerability of the mobile application (com.afmobi.boomplayer) can lead to account takeover risks.
Incorrect permissions configuration (CWE-732) in the mobile application BoomPlayer domain configuration enables an unauthorized attacker to execute an attack without authentication and without any user interaction. The attack vector is network-based, which means the exploit can be conducted remotely over the network. Improper permissions allow the attacker to gain unauthorized access to the victim's account.
An attacker can take full control of a BoomPlayer application user account, which is associated with potential loss of confidentiality, integrity, and availability of data associated with the account.
Security patches available from the vendor should be applied in accordance with references published by TECNO Security (https://security.tecno.com/SRC/securityUpdates?type=SA). Users should update the BoomPlayer application to the version indicated by the vendor as secure.
BoomPlayer mobile application (com.afmobi.boomplayer) — versions indicated in vendor references (TECNO Security).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H