CVE-2023-47355

7.5 HIGH

📋 TL;DR

This vulnerability in the Quick Reboot Android app allows unauthorized apps to send broadcast intents that trigger device power actions without user consent. Any Android device running version 1.0.8 of the com.eypcnnapps.quickreboot app is affected. The exposed broadcast receivers lack input validation, enabling malicious apps to force device reboots, shutdowns, or recovery mode activation.

💻 Affected Systems

Products:
  • com.eypcnnapps.quickreboot (Quick Reboot)
Versions: 1.0.8
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects devices with this specific app version installed. The app requires root access to function normally, but the vulnerability exists regardless of root status.

⚠️ Risk & Real-World Impact

🔴 Worst Case

A malicious app could repeatedly reboot or shut down the device, causing denial of service, data loss, or preventing legitimate use of the device.

🟠 Likely Case

Malware or malicious apps could trigger unwanted reboots or shutdowns, disrupting user activities and potentially causing data corruption.

🟢 If Mitigated

With proper Android permission controls and app isolation, impact would be limited to denial of service from the specific vulnerable app.

🌐 Internet-Facing: LOW - This is a local app vulnerability requiring malicious app installation, not directly internet-exploitable.
🏢 Internal Only: MEDIUM - Malicious apps on the same device can exploit this without user interaction once installed.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires creating a malicious Android app that sends broadcast intents to the vulnerable receivers. No authentication or special permissions needed beyond basic app installation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

1. Uninstall the vulnerable app version 1.0.8.
2. Check Google Play Store for updated version if available.
3. If no update exists, find alternative reboot utility apps.

🔧 Temporary Workarounds

Uninstall vulnerable app

Remove the Quick Reboot app version 1.0.8 from affected Android devices

adb uninstall com.eypcnnapps.quickreboot

Disable broadcast receivers via ADB

Temporarily disable the whole Quick Reboot package for user 0, which also disables its vulnerable broadcast receivers, using Android Debug Bridge

adb shell pm disable-user --user 0 com.eypcnnapps.quickreboot

🧯 If You Can't Patch

  • Remove the Quick Reboot app completely from all devices
  • Use Android's built-in reboot functionality or alternative trusted reboot apps

🔍 How to Verify

Check if Vulnerable:

Check installed apps list for 'com.eypcnnapps.quickreboot' version 1.0.8 via Settings > Apps or using 'adb shell dumpsys package com.eypcnnapps.quickreboot | grep versionName'

Check Version:

adb shell dumpsys package com.eypcnnapps.quickreboot | grep versionName

Verify Fix Applied:

Confirm app is no longer installed or version is different from 1.0.8
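
The version check and the disable workaround above combined into one triage function, as an added example that is not part of the original advisory. It assumes the usual `dumpsys package` layout (a `versionName=` line and a per-user `User 0: ... enabled=N` line); the status labels and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a device from `dumpsys package` text on stdin.
# Usage on a connected device:
#   adb shell dumpsys package com.eypcnnapps.quickreboot | quickreboot_status
BAD_VERSION="1.0.8"   # affected version, from the advisory

quickreboot_status() {
    # Older adb builds emit CRLF line endings; strip them before matching.
    dump=$(tr -d '\r')
    # A versionName= line is only printed when the package is known.
    version=$(printf '%s\n' "$dump" | sed -n 's/^[[:space:]]*versionName=//p' | head -n 1)
    if [ -z "$version" ]; then
        echo "NOT_INSTALLED"
        return 0
    fi
    # Per-user state line, e.g. "User 0: ... installed=true ... enabled=0 ..."
    user0=$(printf '%s\n' "$dump" | grep -E '^[[:space:]]*User 0:' | head -n 1)
    case "$user0" in
        *installed=false*) echo "NOT_INSTALLED"; return 0 ;;
    esac
    if [ "$version" != "$BAD_VERSION" ]; then
        # The advisory lists no patch version, so only report the difference.
        echo "OTHER_VERSION $version"
        return 0
    fi
    # enabled=2 is disabled, enabled=3 is disabled-user (set by pm disable-user).
    state=$(printf '%s\n' "$user0" | sed -n 's/.* enabled=\([0-9]*\).*/\1/p')
    case "$state" in
        2|3) echo "AFFECTED_DISABLED" ;;
        *)   echo "VULNERABLE" ;;
    esac
}

# Constructed sample (not captured from a real device): 1.0.8 with the
# pm disable-user workaround applied.
SAMPLE='    versionName=1.0.8
    User 0: ceDataInode=0 installed=true hidden=false stopped=false enabled=3 instant=false'
printf '%s\n' "$SAMPLE" | quickreboot_status   # prints AFFECTED_DISABLED
```

AFFECTED_DISABLED means the vulnerable version is still on the device and becomes reachable again if the package is re-enabled.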

📡 Detection & Monitoring

Log Indicators:

  • Logcat entries showing broadcast intents to com.eypcnnapps.quickreboot.widget.PowerOff, Reboot, or Recovery receivers from unexpected sources

Network Indicators:

  • Not applicable - local vulnerability only

SIEM Query:

Not applicable for local Android app vulnerability
