Executive Summary

CVE-2026-30290 is an arbitrary file overwrite vulnerability in the InTouch Contacts & Caller ID app version 6.38.1. It occurs due to insufficient security validation during the file import process, which allows an attacker to manipulate the filename and content of imported files.

By exploiting path traversal techniques, an attacker can overwrite critical internal files within the app’s storage, including executable and configuration files.

This can lead to arbitrary code execution or exposure of sensitive information.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can have several severe impacts including:

• Arbitrary code execution, allowing attackers to run malicious code within the app.
• Exposure of sensitive information stored within the app.
• Denial of service or app malfunction, potentially causing the app to fail to launch or operate correctly.
• Privilege escalation, enabling attackers to gain higher access rights.

The attack requires minimal user interaction and can be triggered automatically when the victim opens a malicious app.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability involves arbitrary file overwrite via the file import process in InTouch Contacts & Caller ID app v6.38.1, exploiting path traversal to overwrite critical internal files.

Detection can focus on monitoring the app's file import activity for suspicious file names or paths that include traversal sequences (e.g., ../) and unexpected modifications to internal executable or configuration files.

Since the vulnerability is triggered by the component `com.intouchapp.activities.ext_share.ExternalShareActivity`, monitoring logs or app behavior related to this component may help detect exploitation attempts.

• Check for unexpected file changes in the app's storage directories, especially executable and configuration files.
• Use file integrity monitoring tools to detect unauthorized overwrites.
• On Android devices, use commands like `adb shell` to inspect app directories and check for suspicious files or modifications.
• Example commands (assuming Android debugging enabled):
• `adb shell run-as com.intouchapp ls -l /data/data/com.intouchapp/files/` to list files in app storage.
• `adb shell run-as com.intouchapp stat /data/data/com.intouchapp/files/<filename>` to check file metadata for suspicious changes.
• Monitor logs for activity related to `ExternalShareActivity` using `adb logcat | grep ExternalShareActivity`.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include restricting or disabling the file import functionality in the InTouch Contacts & Caller ID app version 6.38.1 until a patch or update is available.

Avoid opening or importing files from untrusted sources to prevent exploitation via malicious file imports.

Monitor and restrict app permissions related to file access and external sharing to limit the attack surface.

If possible, update the app to a version where this vulnerability is fixed once available.

Consider using mobile device management (MDM) solutions to control app behavior and enforce security policies.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability allows attackers to overwrite critical internal files, potentially leading to arbitrary code execution or exposure of sensitive information.

Exposure of sensitive information due to this vulnerability could result in non-compliance with data protection regulations such as GDPR or HIPAA, which mandate the protection of personal and health-related data.

Additionally, arbitrary code execution and privilege escalation could compromise the integrity and confidentiality of data, further impacting compliance with these standards.

Useful 0 Not Useful 0