CVE-2024-13916

30.05.2025, 16:15

Anapplication "com.pri.applock", which is pre-loaded onKruger&Matz smartphones, allows a user to encrypt any application using user-provided PIN code or by using biometric data.
Exposed com.android.providers.settings.fingerprint.PriFpShareProvider content provider's public method query() allows any other malicious application, without any granted Android system permissions, to exfiltrate the PIN code.

Vendor did not provide information about vulnerable versions.
Only version (version name: 13, version code: 33) was tested and confirmed to have this vulnerability

Provider	Type	Base Score	Vector
NIST	NIST	UNKNOWN	---
CERT-PL	CNA	---	---
CISA-ADP	ADP	---	---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Common Weakness Enumeration

CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
The application does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the application does.

References

https://cert.pl/en/posts/2025/05/CVE-2024-13915