{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T02:32:52.448","vulnerabilities":[{"cve":{"id":"CVE-2024-13916","sourceIdentifier":"cvd@cert.pl","published":"2025-05-30T16:15:36.117","lastModified":"2026-04-15T14:34:27.800","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An application \"com.pri.applock\", which is pre-loaded on Kruger&Matz smartphones, allows a user to encrypt any application using user-provided PIN code or by using biometric data.\nExposed ”com.android.providers.settings.fingerprint.PriFpShareProvider“ content provider's public method query() allows any other malicious application, without any granted Android system permissions, to exfiltrate the PIN code.\n\nOnly version (version name: 13, version code: 33) was tested and confirmed to have this vulnerability. \nApplication update was released in April 2025."},{"lang":"es","value":"La aplicación \"com.pri.applock\", preinstalada en los smartphones Krüger&amp;Matz, permite cifrar cualquier aplicación mediante el código PIN proporcionado por el usuario o datos biométricos. El método público \"query()\" del proveedor de contenido \"com.android.providers.settings.fingerprint.PriFpShareProvider\", expuesto, permite que cualquier otra aplicación maliciosa, sin permisos del sistema Android, extraiga el código PIN. El proveedor no proporcionó información sobre las versiones vulnerables. Solo la versión (nombre de la versión: 13, código de la versión: 33) fue probada y se confirmó que presenta esta vulnerabilidad."}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Secondary","description":[{"lang":"en","value":"CWE-926"}]}],"references":[{"url":"https://cert.pl/en/posts/2025/05/CVE-2024-13915","source":"cvd@cert.pl"}]}}]}