Krüger&Matz com.pri.applock Improper Export of Android Application Components Vulnerability
Vulnerability
A vulnerability exists in the com.pri.applock application, pre-loaded on Krüger&Matz smartphones, version 13 (version code 33). The app allows users to encrypt other applications using a PIN or biometric data. However, the exposed com.pri.applock.LockUI activity enables any malicious application, without requiring special Android permissions, to inject an arbitrary intent with system-level privileges into a protected application. Exploitation requires knowledge of the PIN, which could be obtained by exploiting a related vulnerability, CVE-2024-13916.
Impact
Because the activity is improperly exported, exploitation of this vulnerability enables unauthorized applications to interact with protected applications using elevated privileges.
