CVE-2023-29757 – This vulnerability in Blue Light Filter v1.5.5 ... (How to Fix)

Q: What is the severity of CVE-2023-29757?

CVE-2023-29757 has a CVSS score of 7.8 (HIGH). This vulnerability in Blue Light Filter v1.5.5 for Android allows unauthorized apps to manipulate SharedPreference files, leading to privilege escalation attacks. Attackers can gain elevated permissions by exploiting insecure file permissions. Only users of this specific Android app version are affected.

📋 TL;DR

This vulnerability in Blue Light Filter v1.5.5 for Android allows unauthorized apps to manipulate SharedPreference files, leading to privilege escalation attacks. Attackers can gain elevated permissions by exploiting insecure file permissions. Only users of this specific Android app version are affected.

💻 Affected Systems

Products:

Blue Light Filter

Versions: v1.5.5

Operating Systems: Android

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects Android devices with Blue Light Filter v1.5.5 installed. Requires malicious app to be installed alongside vulnerable app.

📦 What is this software?

Blue Light Filter by Leap

View all CVEs affecting Blue Light Filter →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise with attacker gaining system-level privileges, installing malware, accessing sensitive data, and controlling device functions.

🟠

Likely Case

Unauthorized app gaining elevated permissions to access protected resources, modify system settings, or steal user data without consent.

🟢

If Mitigated

Limited impact with proper app sandboxing and permission controls preventing cross-app data manipulation.

🌐 Internet-Facing: LOW

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires installing a malicious app on the same device. The vulnerability is well-documented in public repositories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v1.5.6 or later

Vendor Advisory: https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29757/CVE%20detailed.md

Restart Required: No

Instructions:

1. Open Google Play Store 2. Search for Blue Light Filter 3. Check if update is available 4. Update to v1.5.6 or later 5. Verify update completed successfully

🔧 Temporary Workarounds

Uninstall vulnerable app

android

Remove Blue Light Filter v1.5.5 from device

Settings > Apps > Blue Light Filter > Uninstall

Restrict app installations

android

Only install apps from trusted sources and review permissions carefully

Settings > Security > Unknown sources (disable)

🧯 If You Can't Patch

Isolate device from sensitive networks and data
Monitor for suspicious app behavior and unusual permission requests

🔍 How to Verify

Check if Vulnerable:

Check app version in Settings > Apps > Blue Light Filter > App info

Check Version:

adb shell dumpsys package com.panaceasoft.blue_light_filter | grep versionName

Verify Fix Applied:

Confirm app version is v1.5.6 or later in app settings

📡 Detection & Monitoring

Log Indicators:

Unauthorized access to SharedPreference files
Permission escalation attempts
Unexpected app behavior

Network Indicators:

Unusual network traffic from Blue Light Filter app

SIEM Query:

app:"Blue Light Filter" AND version:"1.5.5" AND event_type:"privilege_escalation"

📊 Metadata

CVE ID: CVE-2023-29757

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-922

Published: June 9, 2023

Last Updated: January 6, 2025

🔗 References

https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29757/CVE%20detailed.md Exploit,Third Party Advisory
https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29757/CVE%20detailed.md Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-29757, you might also want to check these: