CVE-2023-27647

7.1 HIGH

📋 TL;DR

This vulnerability in DUALSPACE Lock Master v2.2.4 allows local attackers to cause denial of service or access sensitive information through improper access control in the SharedPrefProvider component. It affects Android users who have this specific version of the app installed. The issue stems from insecure implementation of the insert method in the app's content provider.

💻 Affected Systems

Products:
  • DUALSPACE Lock Master
Versions: v2.2.4
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the specific version 2.2.4 of DUALSPACE Lock Master app on Android devices.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local attacker gains unauthorized access to sensitive app data including potentially stored credentials or lock patterns, leading to complete compromise of the app's security functionality.

🟠 Likely Case

Local attacker causes app crashes (denial of service) or accesses limited sensitive information stored within the app's shared preferences.

🟢 If Mitigated

With proper Android permission controls and app sandboxing, impact is limited to the specific app's data rather than system-wide compromise.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring physical or local access to the device.
🏢 Internal Only: MEDIUM - Within an organization, malicious insiders or compromised devices could exploit this to access sensitive app data.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access to the device. The vulnerability is documented with technical details in public repositories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown - check for updates in Google Play Store

Vendor Advisory: No official vendor advisory found

Restart Required: Yes

Instructions:

1. Open Google Play Store
2. Search for DUALSPACE Lock Master
3. If update available, tap Update
4. Restart device after update completes

🔧 Temporary Workarounds

Uninstall vulnerable app

Remove the vulnerable version of DUALSPACE Lock Master from the device

adb uninstall com.ludashi.superlock

Disable app permissions

Revoke all permissions from the vulnerable app in Android settings

🧯 If You Can't Patch

  • Isolate device from sensitive networks and data
  • Monitor for unusual app behavior or crashes

🔍 How to Verify

Check if Vulnerable:

Check app version in Android Settings > Apps > DUALSPACE Lock Master > App info

Check Version:

adb shell dumpsys package com.ludashi.superlock | grep versionName

Verify Fix Applied:

Verify app version is updated beyond v2.2.4 in Google Play Store
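The version check above can be scripted when more than one device has to be triaged. The following is an added example, not part of the original advisory or the vendor's tooling; the function names and the sample dumpsys text are constructed for illustration, and GNU sort (for -V) is assumed on the host.

```shell
#!/bin/sh
# Added example: classify a device from `dumpsys package` output.
PKG="com.ludashi.superlock"   # package name as given on this page
AFFECTED="2.2.4"              # the only version this page lists as affected

# Reads `dumpsys package $PKG` output on stdin and prints one of:
#   not-installed      no versionName line found
#   vulnerable <ver>   exactly the affected version
#   updated <ver>      version sorts after the affected one
#   older <ver>        version sorts before it (not covered by this page)
classify_lockmaster() {
    # Strip CRs that some adb versions emit, then take the first versionName.
    ver=$(tr -d '\r' |
          sed -n 's/^[[:space:]]*versionName=\([^[:space:]]*\).*$/\1/p' |
          head -n 1)
    ver=${ver#v}   # tolerate a leading "v" as in "v2.2.4"
    if [ -z "$ver" ]; then echo "not-installed"; return 0; fi
    if [ "$ver" = "$AFFECTED" ]; then echo "vulnerable $ver"; return 0; fi
    # Version-aware comparison so that 2.10.0 sorts after 2.2.4.
    newest=$(printf '%s\n%s\n' "$ver" "$AFFECTED" | sort -V | tail -n 1)
    if [ "$newest" = "$ver" ]; then echo "updated $ver"; else echo "older $ver"; fi
}

# Runs the check against the device currently attached over adb.
check_device() {
    adb shell dumpsys package "$PKG" | classify_lockmaster
}

# Constructed sample of dumpsys output, trimmed to the relevant lines.
sample_dumpsys() {
    cat <<'EOF'
Packages:
  Package [com.ludashi.superlock] (1a2b3c4):
    userId=10234
    versionCode=224 minSdk=21 targetSdk=30
    versionName=2.2.4
EOF
}
```

Call check_device with a device attached, or pipe saved dumpsys output into classify_lockmaster to triage offline.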

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns to com.ludashi.superlock content provider
  • App crashes or unexpected behavior in Lock Master

Network Indicators:

  • No network indicators - local vulnerability only

SIEM Query:

No applicable network SIEM query - monitor local app logs and behavior
