CVE-2023-29734

9.8 CRITICAL

📋 TL;DR

This vulnerability in edjing Mix v7.09.01 for Android allows unauthorized apps to manipulate the application's database, leading to privilege escalation attacks. Attackers can gain elevated permissions or control over the app's functionality. Only users of this specific Android app version are affected.

💻 Affected Systems

Products:
  • edjing Mix
Versions: v7.09.01
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the Android version of edjing Mix. Requires a malicious app to be installed on the same device.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the edjing Mix app, allowing unauthorized apps to execute arbitrary code with the app's permissions, potentially accessing sensitive device data or performing malicious actions.

🟠 Likely Case

Unauthorized apps modifying the database to change app settings, access user data, or disrupt functionality without user consent.

🟢 If Mitigated

Limited impact if app permissions are restricted and database access is properly secured through Android's security model.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires a malicious app to be installed on the same Android device. Database manipulation techniques are well-documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Later than v7.09.01

Vendor Advisory: https://play.google.com/store/apps/details?id=com.edjing.edjingdjturntable

Restart Required: Yes

Instructions:

1. Open Google Play Store
2. Search for 'edjing Mix'
3. Click 'Update' if available
4. Restart the app after update

🔧 Temporary Workarounds

Uninstall vulnerable version

Remove the vulnerable app version from the device

Settings > Apps > edjing Mix > Uninstall

Restrict app permissions

Limit the app's permissions to minimum required functionality

Settings > Apps > edjing Mix > Permissions > Disable unnecessary permissions

🧯 If You Can't Patch

  • Isolate the app by not installing other apps from untrusted sources on the same device
  • Monitor for unusual app behavior or permission requests

🔍 How to Verify

Check if Vulnerable:

Check app version in Settings > Apps > edjing Mix > App info

Check Version:

adb shell dumpsys package com.edjing.edjingdjturntable | grep versionName

Verify Fix Applied:

Verify app version is newer than 7.09.01 in Google Play Store or app settings
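
The version check above as a script, added here as an example and not part of the original advisory: it parses `dumpsys package` output and separates the affected release from newer builds and from older builds, which this page does not cover. The function names, result labels and sample text are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify an installed edjing Mix build against this page's data.
AFFECTED="7.09.01"   # affected version as stated on this page

# Constructed sample of `dumpsys package` output (not real device data).
SAMPLE='  Package [com.edjing.edjingdjturntable] (constructed):
    versionCode=1 minSdk=21 targetSdk=30
    versionName=7.09.01'

# Read dumpsys output on stdin and print the first versionName value, if any.
extract_version() {
    sed -n 's/^[[:space:]]*versionName=\([^[:space:]]*\).*$/\1/p' | head -n 1
}

# Compare two dotted numeric versions field by field as integers,
# so "09" equals "9" and "7.10" sorts above "7.9". Prints -1, 0 or 1.
compare_versions() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) { print "-1"; exit }
            if (xi > yi) { print "1"; exit }
        }
        print "0"
    }'
}

# Read dumpsys output on stdin and print one labelled result.
classify_dumpsys() {
    ver=$(extract_version)
    if [ -z "$ver" ]; then echo "not-installed"; return 0; fi
    case "$ver" in
        *[!0-9.]*) echo "unparsed:$ver"; return 0 ;;  # suffixes need manual review
    esac
    case $(compare_versions "$ver" "$AFFECTED") in
        0)  echo "affected:$ver" ;;
        1)  echo "newer:$ver" ;;               # page: fix is later than 7.09.01
        -1) echo "older-not-covered:$ver" ;;   # page gives no status for these
    esac
}

# On a workstation with a device attached:
#   adb shell dumpsys package com.edjing.edjingdjturntable | classify_dumpsys
```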

📡 Detection & Monitoring

Log Indicators:

  • Unusual database access patterns from other apps
  • Permission escalation attempts in Android logs

Network Indicators:

  • None - this is a local privilege escalation vulnerability

SIEM Query:

AppPackageName='com.edjing.edjingdjturntable' AND Version='7.09.01'
