This vulnerability arises from a logic error in the adbd_tls_verify_cert function of Android's auth.cpp, which handles wireless ADB mutual authentication. Due to this error, an attacker in proximity can bypass the authentication mechanism and execute code remotely with shell user privileges. The vulnerability affects multiple recent Android versions (14 through 16-qpr2) and does not require user interaction, increasing its risk. The CVSS score is 8.8, reflecting high impact on confidentiality, integrity, and availability.

Successful exploitation allows an attacker within wireless range to execute arbitrary code remotely as the shell user on the affected Android device. This can lead to full compromise of the device's security, including unauthorized access and control. No additional privileges or user interaction are needed, making the vulnerability particularly serious.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or temporary workaround information is currently available. Users and administrators should monitor Google's security advisories for updates and apply patches promptly once released.