CVE-2026-3670
Status: Received - Intake
Improper Authorization in Freedom Factory dGEN1 com.dgen.alarm

Publication date: 2026-03-07

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was detected in Freedom Factory dGEN1 up to version 20260221. Affected is an unknown function of the component com.dgen.alarm. Manipulation results in improper authorization. The attack requires local access, that is, an application running on the same device. A public exploit exists and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Meta Information
Published: 2026-03-07
Last Modified: 2026-04-29
Generated: 2026-05-07
AI Q&A: 2026-03-07
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 2 associated CPEs

Vendor            Product      Version / Range
freedom_factory   dgen1        to 20260221 (exc)
freedom_factory   dgen_alarm   to 20260221 (exc)
CWE ID    Description
CWE-285   The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
CWE-266   A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-3670 is an improper authorization vulnerability in the Freedom Factory dGEN1 device, specifically in the dGEN Alarm application component com.dgen.alarm. It arises because certain exported components, a BroadcastReceiver and an alarm-setting activity, do not verify the identity or permissions of the caller. Any local application on the device can therefore silently create, trigger and repeatedly restart alarms without user consent or authentication.

Technically, the BroadcastReceiver (AlarmReceiver) is exported and listens for alarm trigger broadcasts but does not validate the caller's UID, package or signature. Unauthorized apps can send broadcasts that start the alarm service, which plays alarm sounds indefinitely. In addition, the alarm-setting activity accepts an intent extra that creates an alarm without user interaction. Because the alarm service does not manage the lifecycle of its playback, repeated triggers produce multiple overlapping alarm sounds, a denial-of-service condition. [1, 2, 3]


How can this vulnerability impact me?

This vulnerability can be exploited by any local application on the affected device to silently set and trigger alarms repeatedly without user interaction or consent. The repeated triggering causes multiple overlapping alarm sounds that play indefinitely, effectively creating a denial-of-service (DoS) condition.

  • Persistent and disruptive alarm sounds that make the device difficult or impossible to use.
  • Potential compromise of system availability due to continuous alarm playback.
  • Loss of user control over alarm functions and device behavior.

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability requires local access (a malicious or compromised app installed on the same device) and lies in the com.dgen.alarm component of Freedom Factory dGEN1 devices. Detection means confirming that the vulnerable package is installed and that its BroadcastReceiver (com.dgen.alarm.receiver.AlarmReceiver) and alarm-setting activity are exported without a permission that restricts who may call them.

Using Android Debug Bridge (adb) against the device:

  • adb shell pm list packages | grep com.dgen.alarm - confirms the package is installed; adb shell dumpsys package com.dgen.alarm | grep -i versionName shows its version (affected: up to 20260221).
  • adb shell dumpsys package com.dgen.alarm (adb shell pm dump com.dgen.alarm prints the same report) - lists the package's activities and receivers that declare intent filters under "Activity Resolver Table" and "Receiver Resolver Table". This report does not print the android:exported attribute, so grepping it for android:exported=true finds nothing; use it to see which components are reachable by action, then read the manifest itself.
  • To read the exported flags and permissions, pull the APK and decode the manifest: adb shell pm path com.dgen.alarm, adb pull <that path> dgen-alarm.apk, then apkanalyzer manifest print dgen-alarm.apk (or aapt dump xmltree dgen-alarm.apk AndroidManifest.xml). Locate the <receiver> named com.dgen.alarm.receiver.AlarmReceiver and the alarm-setting <activity>: they are exposed if they are exported (android:exported="true", or, for a targetSdkVersion below 31, an <intent-filter> with no exported attribute at all) and carry no android:permission.
  • adb shell dumpsys alarm | grep -i com.dgen.alarm - lists alarms scheduled on behalf of the package; alarms the user never set point to exploitation.

Additionally, unusual alarm triggers or persistent alarm sounds without user interaction may indicate exploitation attempts. [3, 2]


What immediate steps should I take to mitigate this vulnerability?

No official vendor patch or mitigation is available, as the vendor did not respond to the disclosure. Immediate steps therefore focus on keeping untrusted apps away from the vulnerable components and on limiting what an exploit can do.

  • Treat the device as exposed to every app installed on it: install apps only from trusted sources and review what is present (adb shell pm list packages -3 lists third-party packages).
  • If the alarm function is not needed, disable the app for the user instead of leaving it reachable: adb shell pm disable-user --user 0 com.dgen.alarm (adb shell pm enable com.dgen.alarm reverses this).
  • If you can rebuild or patch the app, put the check on the component declaration rather than in onReceive(): a BroadcastReceiver cannot reliably identify its sender before Android 14 (BroadcastReceiver.getSentFromUid() and getSentFromPackage()), so validating UID, package or signature in code is not enough. Mark com.dgen.alarm.receiver.AlarmReceiver android:exported="false" if only the app's own AlarmManager PendingIntents need to reach it (explicit intents from the owning app still do), or declare a permission with android:protectionLevel="signature" and set it as android:permission on the receiver and on the alarm-setting activity so only apps signed with the vendor key can reach them. Receivers registered at runtime should pass Context.RECEIVER_NOT_EXPORTED (Android 13 and later).
  • Have the alarm-setting activity ignore the "create alarm" intent extra unless the user confirms, so a background caller cannot create alarms silently.
  • Keep a single playback instance in the alarm service: release the running MediaPlayer before starting another, or drop a trigger while one is already playing, so repeated triggers cannot stack sounds.

If modification is not feasible, consider replacing the affected product, or isolating the device from untrusted local applications.
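As an added example for this page (not code from Freedom Factory or from the com.dgen.alarm app), the manifest check that both the detection answer and the mitigation answer above describe, automated: a Python auditor that reads a manifest as text XML (as apkanalyzer manifest print <apk> prints it), applies Android's exported-by-default rule, and reports every activity, receiver, service or provider another app can reach without a signature-level permission. The three manifests inside it are constructed samples with hypothetical package, class and action names, not the real com.dgen.alarm manifest: the first mirrors the weak pattern the advisory describes, the second the hardened declaration the mitigation bullets ask for, the third an older build that relied on the implicit default.

```python
"""Audit a decoded AndroidManifest.xml for components that any co-installed
app can reach: exported, and not guarded by a signature-level permission.
Added example for this page, not code from Freedom Factory or the
com.dgen.alarm app.  The manifests below are constructed samples; package,
class and action names in them are hypothetical."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
LAUNCHER = "android.intent.category.LAUNCHER"
COMPONENTS = ("activity", "receiver", "service", "provider")


def _attr(el, name):
    return el.get("{%s}%s" % (ANDROID_NS, name))


def _is_signature_level(level):
    """Word form ("signature") in source manifests, hex flags in dumps (bit 0x2)."""
    if level is None:
        return False
    if level.startswith("0x"):
        return bool(int(level, 16) & 0x2)
    return level.startswith("signature")


def _is_launcher(comp):
    return any(_attr(c, "name") == LAUNCHER for c in comp.iter("category"))


def is_exported(comp, target_sdk):
    """Explicit android:exported wins; without it, a component that has an
    <intent-filter> is exported by default only when targetSdk < 31 (Android 12)."""
    explicit = _attr(comp, "exported")
    if explicit is not None:
        return explicit.lower() == "true"
    return comp.find("intent-filter") is not None and target_sdk < 31


def audit_manifest(xml_text):
    """Return [(tag, class, permission)] for every component another app can reach.
    The launcher activity is skipped (it must be exported); a permission the
    manifest does not declare at signature level counts as no guard."""
    root = ET.fromstring(xml_text)
    sdk = root.find("uses-sdk")
    target_sdk = int(_attr(sdk, "targetSdkVersion") or 1) if sdk is not None else 1
    guards = {_attr(p, "name") for p in root.findall("permission")
              if _is_signature_level(_attr(p, "protectionLevel"))}
    findings = []
    for comp in root.find("application"):
        if comp.tag not in COMPONENTS or _is_launcher(comp):
            continue
        if not is_exported(comp, target_sdk):
            continue
        perm = _attr(comp, "permission")
        if perm not in guards:
            findings.append((comp.tag, _attr(comp, "name"), perm))
    return findings


# Constructed sample: the weak pattern.  The alarm-setting activity and the
# trigger receiver are exported with no permission, so any app can reach them.
WEAK_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.alarm">
  <uses-sdk android:targetSdkVersion="33"/>
  <application>
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".SetAlarmActivity" android:exported="true"/>
    <receiver android:name=".receiver.AlarmReceiver" android:exported="true">
      <intent-filter><action android:name="com.example.alarm.TRIGGER"/></intent-filter>
    </receiver>
    <service android:name=".AlarmService" android:exported="false"/>
  </application>
</manifest>"""

# Constructed sample: the same app hardened.  The receiver is internal only (the
# app's own PendingIntents still reach it); the activity needs a signature permission.
HARDENED_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.alarm">
  <uses-sdk android:targetSdkVersion="33"/>
  <permission android:name="com.example.alarm.permission.SET_ALARM"
      android:protectionLevel="signature"/>
  <application>
    <activity android:name=".SetAlarmActivity" android:exported="true"
        android:permission="com.example.alarm.permission.SET_ALARM"/>
    <receiver android:name=".receiver.AlarmReceiver" android:exported="false"/>
  </application>
</manifest>"""

# Constructed sample: an older build (targetSdk 30) that never wrote
# android:exported; its receiver has an intent filter, so it is exported by default.
LEGACY_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.alarm">
  <uses-sdk android:targetSdkVersion="30"/>
  <application>
    <receiver android:name=".receiver.AlarmReceiver">
      <intent-filter><action android:name="com.example.alarm.TRIGGER"/></intent-filter>
    </receiver>
  </application>
</manifest>"""

if __name__ == "__main__":
    for label, text in (("weak", WEAK_MANIFEST), ("hardened", HARDENED_MANIFEST), ("legacy", LEGACY_MANIFEST)):
        print(label, audit_manifest(text))
```

To run it against the real app, save the decoded manifest with apkanalyzer manifest print dgen-alarm.apk > manifest.xml and call audit_manifest(open("manifest.xml").read()); an entry naming com.dgen.alarm.receiver.AlarmReceiver or the alarm-setting activity confirms the exposure, and an empty list after rebuilding confirms the fix. The guard rule is deliberately strict: a component protected only by a permission the manifest does not itself declare at signature level is still reported, because a normal-level permission is one any app can request.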

