Insufficient Verification of Data Authenticity in the TECNO Mobile com.Afmobi.Boomplayer app that can allow an authentication bypass. An attacker could exploit this flaw to bypass security controls and potentially access or manipulate user-restricted functionality/data without proper credentials.

Impacted Software:

• TECNO Mobile application com.Afmobi.Boomplayer version 7.4.63 is reported to be affected.

Severity:

• CVSS v2 Base Score: 7.5 (High) — this indicates a high-risk issue where successful exploitation could significantly impact confidentiality, integrity, or availability of data/processes.

Weakness Type:

• The underlying weakness is categorized under Insufficient Verification of Data Authenticity (related to CWE-345), which means the application does not properly verify the source or trustworthiness of data it processes.

Impact & Risk

• A successful exploit may allow an attacker to bypass authentication logic — effectively granting unauthorized access to parts of the application that should be protected.
• The vulnerability could lead to unauthorized access to user data or features within the app.

Remediation

• At the time of reporting, no public details on a patched version were available in the advisory sources. Users and administrators should monitor official TECNO security updates or the National Vulnerability Database (NVD) for published patches or mitigation guidance.