CVE-2023-27648

9.8 CRITICAL

📋 TL;DR

This CVE describes a directory traversal vulnerability in T-ME Studios' 'Change Color of Keypad' Android app that allows remote attackers to execute arbitrary code by manipulating dex files in internal storage. The vulnerability affects users of the vulnerable app version on Android devices. Attackers can exploit this to gain control of affected devices.

💻 Affected Systems

Products:
  • T-ME Studios Change Color of Keypad Android app
Versions: v1.275.1.277
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the specific vulnerable version of this Android keyboard theme app.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise allowing data theft, ransomware deployment, botnet enrollment, and persistent backdoor installation.

🟠 Likely Case

Malicious code execution leading to data exfiltration, credential theft, and unauthorized access to device resources.

🟢 If Mitigated

Limited impact with proper app sandboxing and security controls, potentially preventing full device compromise.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Directory traversal vulnerabilities are typically easy to exploit once identified, and public details exist.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown - check Google Play Store for updates

Vendor Advisory: https://corporate.timmystudios.com/

Restart Required: Yes

Instructions:

1. Open Google Play Store
2. Search for 'Change Color of Keypad'
3. Check for available updates
4. Install any available update
5. Restart device

🔧 Temporary Workarounds

Uninstall vulnerable app

android

Remove the vulnerable application from affected devices

adb uninstall com.jb.gokeyboard.theme.twchangecolorofkeypad

🧯 If You Can't Patch

  • Disable or remove the vulnerable app from all devices
  • Implement network segmentation to isolate affected devices and monitor for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check app version in Android Settings > Apps > Change Color of Keypad > App info

Check Version:

adb shell dumpsys package com.jb.gokeyboard.theme.twchangecolorofkeypad | grep versionName

Verify Fix Applied:

Verify app version is updated beyond v1.275.1.277 in Google Play Store
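
The version check above can be scripted across every attached device. The following is an added example, not part of the original advisory: the package name and version are the ones quoted on this page, while the function names and the sample dumpsys text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory). Function names are hypothetical.
PKG="com.jb.gokeyboard.theme.twchangecolorofkeypad"
VULN_VERSION="1.275.1.277"

# Read `dumpsys package $PKG` output on stdin and print one of:
#   vulnerable | other-version:<v> | not-installed
# "other-version" is not proof of a fix: the page lists the patch version as unknown.
classify_dumpsys() {
    # Keep only versionName values; drop CR (adb line endings) and a leading "v".
    versions=$(sed -n 's/^[[:space:]]*versionName=//p' | tr -d '\r' | sed 's/^v//')
    if [ -z "$versions" ]; then
        echo "not-installed"
        return 0
    fi
    # -x -F: whole-line literal match, so 1.275.1.2770 is not a false positive.
    if printf '%s\n' "$versions" | grep -qxF "$VULN_VERSION"; then
        echo "vulnerable"
    else
        echo "other-version:$(printf '%s\n' "$versions" | head -n 1)"
    fi
}

# Run the check on every device adb reports in the "device" state.
scan_devices() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' |
    while read -r serial; do
        # </dev/null stops adb from swallowing the remaining serials on stdin.
        result=$(adb -s "$serial" shell dumpsys package "$PKG" </dev/null | classify_dumpsys)
        printf '%s\t%s\n' "$serial" "$result"
    done
}

# Constructed sample of the relevant dumpsys lines, for offline testing.
SAMPLE_VULN='Packages:
  Package [com.jb.gokeyboard.theme.twchangecolorofkeypad] (abc1234):
    versionCode=277 minSdk=16 targetSdk=28
    versionName=1.275.1.277'

# Only touch adb when explicitly asked to scan.
if [ "${1:-}" = "--scan" ]; then
    scan_devices
fi
```

Run it with --scan to list each device serial alongside its status; devices reported as vulnerable are candidates for the uninstall workaround.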

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns in internal storage
  • Suspicious dex file modifications

Network Indicators:

  • Unexpected outbound connections from keyboard app
  • Data exfiltration patterns

SIEM Query:

source="android_logs" app="com.jb.gokeyboard.theme.twchangecolorofkeypad" (event="file_access" OR event="dex_load")
