{"api_version":"1","generated_at":"2026-07-18T01:39:43+00:00","cve":"CVE-2023-29724","urls":{"html":"https://cve.report/CVE-2023-29724","api":"https://cve.report/api/cve/CVE-2023-29724.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-29724","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-29724"},"summary":{"title":"CVE-2023-29724","description":"The BT21 x BTS Wallpaper app 12 for Android allows unauthorized apps to actively request permission to modify data in the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the app is opened. An attacker could tamper with this data to cause an escalation of privilege attack.","state":"PUBLISHED","assigner":"mitre","published_at":"2023-06-02 04:15:49","updated_at":"2026-07-09 01:18:14"},"problem_types":["NVD-CWE-noinfo","n/a","CWE-noinfo Not enough information"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"7.8","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"ADP","type":"DECLARED","score":"7.8","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"7.8","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}}],"references":[{"url":"https://apkpure.com/cn/bt21-x-bts-wallpaper-hd-4k/com.bungaakp007.bt21wallpaperoffline130920/download/12-APK","name":"https://apkpure.com/cn/bt21-x-bts-wallpaper-hd-4k/com.bungaakp007.bt21wallpaperoffline130920/download/12-APK","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"],"title":"Just a moment...","mime":"text/html","httpstatus":"403","archivestatus":"404"},{"url":"https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29724/CVE%20detail.md","name":"https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29724/CVE%20detail.md","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"],"title":"SO-CVEs/CVE detail.md at main · LianKee/SO-CVEs · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://bungaakpstudio007.com","name":"http://bungaakpstudio007.com","refsource":"MITRE","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-29724","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29724","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"29724","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bt21_x_bts_wallpaper_project","cpe5":"bt21_x_bts_wallpaper","cpe6":"12","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"android","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2023","cve_id":"29724","cve":"CVE-2023-29724","epss":"0.003740000","percentile":"0.294980000","score_date":"2026-07-13","updated_at":"2026-07-14 00:13:17"},"legacy_qids":[{"cve":"CVE-2023-29724","qid":"630902","title":"For ios Vulnerability CVE-2023-29724"}]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2026-07-09T00:24:48.937Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_transferred"],"url":"https://apkpure.com/cn/bt21-x-bts-wallpaper-hd-4k/com.bungaakp007.bt21wallpaperoffline130920/download/12-APK"},{"tags":["x_transferred"],"url":"https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29724/CVE%20detail.md"}],"title":"CVE Program Container"},{"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"}},{"other":{"content":{"id":"CVE-2023-29724","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2025-01-08T20:45:12.896376Z","version":"2.0.3"},"type":"ssvc"}}],"problemTypes":[{"descriptions":[{"description":"CWE-noinfo Not enough information","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2025-01-08T20:47:31.678Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"descriptions":[{"lang":"en","value":"The BT21 x BTS Wallpaper app 12 for Android allows unauthorized apps to actively request permission to modify data in the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the app is opened. An attacker could tamper with this data to cause an escalation of privilege attack."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2026-07-05T00:20:12.600Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"url":"https://apkpure.com/cn/bt21-x-bts-wallpaper-hd-4k/com.bungaakp007.bt21wallpaperoffline130920/download/12-APK"},{"url":"https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29724/CVE%20detail.md"}]}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2023-29724","datePublished":"2023-06-02T00:00:00.000Z","dateReserved":"2023-04-07T00:00:00.000Z","dateUpdated":"2026-07-09T00:24:48.937Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2023-06-02 04:15:49","lastModifiedDate":"2026-07-09 01:18:14","problem_types":["NVD-CWE-noinfo","n/a","CWE-noinfo Not enough information"],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-01-08T20:45:12.896376Z","id":"CVE-2023-29724","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:bt21_x_bts_wallpaper_project:bt21_x_bts_wallpaper:12:*:*:*:*:android:*:*","matchCriteriaId":"2CF3F2D6-8AB5-4BC8-AE16-E927397B454C"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2023","CveId":"29724","Ordinal":"1","Title":"CVE-2023-29724","CVE":"CVE-2023-29724","Year":"2023"},"notes":[{"CveYear":"2023","CveId":"29724","Ordinal":"1","NoteData":"The BT21 x BTS Wallpaper app 12 for Android allows unauthorized apps to actively request permission to modify data in the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the app is opened. An attacker could tamper with this data to cause an escalation of privilege attack.","Type":"Description","Title":"CVE-2023-29724"}]}}}