Login Sign Up

CVE-2022-23729

7.8 HIGH
Authentication Bypass

📋 TL;DR

This vulnerability allows attackers to access the Android Debug Bridge (ADB) shell on LG mobile devices without authentication when the device is in factory state. This affects LG mobile devices that haven't been properly configured after initial setup. Attackers with physical access or network access to the device can exploit this.

💻 Affected Systems

Products:
  • LG mobile devices
Versions: Specific versions not publicly detailed in available references
Operating Systems: Android (LG-specific implementation)
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects devices in factory state (not yet configured after initial boot). The LG ID LVE-SMP-210010 suggests this affects multiple LG mobile models.

📦 What is this software?

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full device compromise allowing installation of malware, data theft, and persistent backdoor access to the device.

🟠

Likely Case

Unauthorized access to device shell leading to data extraction, privilege escalation, or installation of malicious applications.

🟢

If Mitigated

Limited impact if devices are properly configured and not left in factory state after initial setup.

🌐 Internet-Facing: LOW - Requires physical access or local network access to exploit.
🏢 Internal Only: MEDIUM - Devices in factory state within organizations could be compromised by internal actors or visitors.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires physical access or network access to the device while it's in factory state. No authentication is required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in available references

Vendor Advisory: https://lgsecurity.lge.com/bulletins/mobile

Restart Required: Yes

Instructions:

1. Check LG security bulletins for specific patch information. 2. Update affected LG mobile devices to the latest firmware. 3. Ensure devices are properly configured after initial setup.

🔧 Temporary Workarounds

Disable ADB in factory state

android

Configure devices to require ADB authentication even in factory state

adb shell settings put global adb_enabled 0

Complete device setup

all

Ensure all devices are fully configured and out of factory state before deployment

🧯 If You Can't Patch

  • Physically secure devices to prevent unauthorized access during initial setup
  • Ensure devices are never left in factory state in accessible locations

🔍 How to Verify

Check if Vulnerable:

Check if ADB shell is accessible without authentication on a device in factory state using: adb connect <device_ip>

Check Version:

adb shell getprop ro.build.version.incremental

Verify Fix Applied:

Attempt ADB connection without authentication after applying updates - should require authentication

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized ADB connection attempts
  • ADB shell access without authentication logs

Network Indicators:

  • ADB protocol traffic (port 5555) to devices in factory state

SIEM Query:

source="android_logs" AND "adb" AND "unauthorized" OR "factory state"

📊 Metadata

CVE ID: CVE-2022-23729
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-305
Published: March 4, 2022
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-23729, you might also want to check these:

CVE-2025-4320 10.0

This vulnerability allows attackers to bypass authentication and exploit weak password recovery mech...

Same vulnerability type (CWE-305)
CVE-2025-24522 10.0

KUNBUS Revolution Pi OS Bookworm 01/2025 has no authentication configured by default for its Node-RE...

Same vulnerability type (CWE-305)
CVE-2025-36386 9.8

CVE-2025-36386 is an authentication bypass vulnerability in IBM Maximo Application Suite that allows...

Same vulnerability type (CWE-305)