Android Firmware Vulnerabilities - November 2019
Overview
Pre-installed apps and firmware pose a risk because their vulnerabilities are pre-positioned on a device, rendering the device vulnerable on purchase. To quantify the exposure of Android end users to vulnerabilities residing within pre-installed apps and firmware, we analyzed a wide range of Android vendors and carriers using devices spanning from low-end to flagship. Our primary focus was exposing pre-positioned threats on Android devices sold by United States (US) carriers, although our results affect devices worldwide.
Mitigation
Utilizing Kryptowire’s automated firmware scanning tools, we are able to provide up-to-date detection of these vulnerabilities as new firmware and devices are introduced into your organization. To request more information about our firmware scanning service, please click the link below.
Mobile Vulnerability
Vulnerability Types
Common Vulnerabilities and Exposures (CVEs) are detailed in the following graph. System Properties Modification is the most common at 28.1%, with Wireless Settings Modification following at 17.8%.
Total CVEs

Affected Vendors
Vendors

CVE Details
View the complete 'Common Vulnerabilities and Exposures' list.
CVE | Violation | Manufacturer | Model | Status | Package Name | App Version Code | App Version Name | OS Version | Device Build Fingerprint | CVE Info |
---|---|---|---|---|---|---|---|---|---|---|
CVE-2019-15357 | System Properties Modification | Advan | i6A | Exploitable by local app | com.mediatek.wfo.impl | | | 8.1 | ADVAN/i6A/i6A:8.1.0/O11019/1523602705:userdebug/test-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Advan Affected product: Product=Advan i6A, Version=ADVAN/i6A/i6A:8.1.0/O11019/1523602705:userdebug/test-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.mediatek.wfo.impl with a version name of 8.1.0 and version code of 27. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.mediatek.wfo.impl to obtain a capability that a third-party app cannot directly be granted. Description: The Advan i6A Android device with a build fingerprint of ADVAN/i6A/i6A:8.1.0/O11019/1523602705:userdebug/test-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. |
CVE-2019-15383 | System Properties Modification | Allview | X5 | Exploitable by local app | com.mediatek.wfo.impl | | | 8.1 | ALLVIEW/X5_Soul_Mini/X5_Soul_Mini:8.1.0/O11019/1522468763:userdebug/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Allview Affected product: Product=Allview X5, Version=ALLVIEW/X5_Soul_Mini/X5_Soul_Mini:8.1.0/O11019/1522468763:userdebug/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.mediatek.wfo.impl with a version name of 8.1.0 and version code of 27. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.mediatek.wfo.impl to obtain a capability that a third-party app cannot directly be granted. Description: The Allview X5 Android device with a build fingerprint of ALLVIEW/X5_Soul_Mini/X5_Soul_Mini:8.1.0/O11019/1522468763:userdebug/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. |
CVE-2019-15387 | Wireless Settings Modification | Archos | Core 101 | Exploitable by local app | com.roco.autogen | 1 | 1 | 8.1 | archos/MTKAC101CR3G_ARCHOS/ac101cr3g:7.0/NRD90M/20180611.034442:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Archos Affected product: Product=Archos Core 101, Version=archos/MTKAC101CR3G_ARCHOS/ac101cr3g:7.0/NRD90M/20180611.034442:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.roco.autogen with a version name of 1 and version code of 1. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.android.lava.powersave to obtain a capability that would otherwise require a permission. Description: The Archos Core 101 Android device with a build fingerprint of archos/MTKAC101CR3G_ARCHOS/ac101cr3g:7.0/NRD90M/20180611.034442:user/release-keys contains a pre-installed app with a package name of com.roco.autogen app (versionCode=1, versionName=1) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. |
CVE-2019-15391 | System Properties Modification | Asus | ASUS_X00LD | Exploitable by local app | com.log.logservice | 1 | 1 | 8.1.0 | asus/WW_Phone/ASUS_X00LD_1:8.1.0/OPM1.171019.011/15.0400.1809.405-0:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Asus Affected product: Product=Asus ZenFone 4 Selfie, Version=asus/WW_Phone/ASUS_X00LD_1:8.1.0/OPM1.171019.011/15.0400.1809.405-0:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.log.logservice with a version name of 1 and version code of 1. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.log.logservice to obtain a capability that a third-party app cannot directly be granted. Description: The Asus ZenFone 4 Selfie Android device with a build fingerprint of asus/WW_Phone/ASUS_X00LD_1:8.1.0/OPM1.171019.011/15.0400.1809.405-0:user/release-keys contains a pre-installed app with a package name of com.log.logservice app (versionCode=1, versionName=1) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. |
CVE-2019-15392 | System Properties Modification | Asus | ASUS_X00TD | Exploitable by local app | com.log.logservice | 1 | 1 | | Android/sdm660_64/sdm660_64:8.1.0/OPM1/14.2016.1802.247-20180419:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Asus Affected product: Product=Asus ZenFone Max Pro, Version=Android/sdm660_64/sdm660_64:8.1.0/OPM1/14.2016.1802.247-20180419:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.log.logservice with a version name of 1 and version code of 1. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.log.logservice to obtain a capability that a third-party app cannot directly be granted. Description: The Asus ZenFone 4 Selfie Android device with a build fingerprint of Android/sdm660_64/sdm660_64:8.1.0/OPM1/14.2016.1802.247-20180419:user/release-keys contains a pre-installed app with a package name of com.log.logservice app (versionCode=1, versionName=1) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. |
CVE-2019-15393 | Wireless Settings Modification | Asus | ZenFone Live | Exploitable by local app | com.asus.atd.smmitest | 1 | 1 | 7.1.1 | asus/WW_Phone/ASUS_X00LD_3:7.1.1/NMF26F/14.0400.1806.203-20180720:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Asus Affected product: Product=ZenFone Live, Version=asus/WW_Phone/ASUS_X00LD_3:7.1.1/NMF26F/14.0400.1806.203-20180720:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.asus.atd.smmitest having a version name of 1 and version code of 1. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.asus.atd.smmitest to obtain a capability that would otherwise require a permission. Description: The Asus ZenFone Live Android device with a build fingerprint of asus/WW_Phone/ASUS_X00LD_3:7.1.1/NMF26F/14.0400.1806.203-20180720:user/release-keys contains a pre-installed app with a package name of com.asus.atd.smmitest app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. |
CVE-2019-15394 | Wireless Settings Modification | Asus | ZenFone 5 Selfie | Exploitable by local app | com.asus.atd.smmitest | 1 | 1 | 7.1.1 | asus/WW_Phone/ASUS_X017D_1:7.1.1/NMF26F/14.0400.1810.061-20181107:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Asus Affected product: Product=ZenFone 5 Selfie, Version=asus/WW_Phone/ASUS_X017D_1:7.1.1/NMF26F/14.0400.1810.061-20181107:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.asus.atd.smmitest having a version name of 1 and version code of 1. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.asus.atd.smmitest to obtain a capability that would otherwise require a permission. Description: The Asus ZenFone 5 Selfie Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_1:7.1.1/NMF26F/14.0400.1810.061-20181107:user/release-keys contains a pre-installed app with a package name of com.asus.atd.smmitest app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. |
CVE-2019-15395 | Command Execution | Asus | ZenFone 3s Max | Exploitable by system or signature app | com.asus.loguploaderproxy | 1570000015 | 7.0.0.3_161222 | 7 | asus/IN_X00G/ASUS_X00G_1:7.0/NRD90M/IN_X00G-14.02.1807.33-20180706:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Asus Affected product: Product=ZenFone 3s Max, Version=asus/IN_X00G/ASUS_X00G_1:7.0/NRD90M/IN_X00G-14.02.1807.33-20180706:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.asus.loguploaderproxy having a version name of 7.0.0.3_161222 and version code of 1570000015. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Asus ZenFone 3s Max Android device with a build fingerprint of asus/IN_X00G/ASUS_X00G_1:7.0/NRD90M/IN_X00G-14.02.1807.33-20180706:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000015, versionName=7.0.0.3_161222) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. |
CVE-2019-15396 | Command Execution | Asus | ZenFone 3 | Exploitable by system or signature app | com.asus.loguploaderproxy | 1570000015 | 7.0.0.3_161222 | 7 | asus/WW_Phone/ASUS_Z012D:7.0/NRD90M/14.2020.1708.56-20170719:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Asus Affected product: Product=ZenFone 3, Version=asus/WW_Phone/ASUS_Z012D:7.0/NRD90M/14.2020.1708.56-20170719:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.asus.loguploaderproxy having a version name of 7.0.0.3_161222 and version code of 1570000015. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Asus ZenFone 3 Android device with a build fingerprint of asus/WW_Phone/ASUS_Z012D:7.0/NRD90M/14.2020.1708.56-20170719:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000015, versionName=7.0.0.3_161222) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. |
CVE-2019-15397 | Command Execution | Asus | ZenFone Max 4 | Exploitable by system or signature app | com.asus.loguploaderproxy | 1570000020 | 7.0.0.4_170901 | 7.1.1 | asus/WW_Phone/ASUS_X00HD_4:7.1.1/NMF26F/14.2016.1803.373-20180308:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Asus Affected product: Product=ZenFone Max 4, Version=asus/WW_Phone/ASUS_X00HD_4:7.1.1/NMF26F/14.2016.1803.373-20180308:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.asus.loguploaderproxy having a version name of 7.0.0.4_170901 and version code of 1570000020. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Asus ZenFone Max 4 Android device with a build fingerprint of asus/WW_Phone/ASUS_X00HD_4:7.1.1/NMF26F/14.2016.1803.373-20180308:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. |
CVE-2019-15398 | Command Execution | Asus | ZenFone 4 Selfie | Exploitable by system or signature app | com.asus.loguploaderproxy | 1570000015 | 7.0.0.3_161222 | 7.1.1 | asus/WW_Z01M/ASUS_Z01M_1:7.1.1/NMF26F/WW_user_11.40.208.77_20170922:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Asus Affected product: Product=ZenFone 4 Selfie, Version=asus/WW_Z01M/ASUS_Z01M_1:7.1.1/NMF26F/WW_user_11.40.208.77_20170922:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.asus.loguploaderproxy having a version name of 7.0.0.3_161222 and version code of 1570000015. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Asus ZenFone 4 Selfie Android device with a build fingerprint of asus/WW_Z01M/ASUS_Z01M_1:7.1.1/NMF26F/WW_user_11.40.208.77_20170922:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000015, versionName=7.0.0.3_161222) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. |
CVE-2019-15399 | Command Execution | Asus | ZenFone 5Q | Exploitable by system or signature app | com.asus.loguploaderproxy | 1570000020 | 7.0.0.4_170901 | 7 | asus/WW_Phone/ASUS_X018D:7.0/NRD90M/14.02.1712.29-20171227:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Asus Affected product: Product=ZenFone 5Q, Version=asus/WW_Phone/ASUS_X018D:7.0/NRD90M/14.02.1712.29-20171227:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.asus.loguploaderproxy having a version name of 7.0.0.4_170901 and version code of 1570000020. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Asus ZenFone 5Q Android device with a build fingerprint of asus/WW_Phone/ASUS_X018D:7.0/NRD90M/14.02.1712.29-20171227:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. |
CVE-2019-15400 | Command Execution | Asus | ZenFone 3 Ultra | Exploitable by system or signature app | com.asus.loguploaderproxy | 1570000020 | 7.0.0.4_170901 | 7 | asus/WW_Phone/ASUS_A001:7.0/NRD90M/14.1010.1804.75-20180612:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Asus Affected product: Product=ZenFone 3 Ultra, Version=asus/WW_Phone/ASUS_A001:7.0/NRD90M/14.1010.1804.75-20180612:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.asus.loguploaderproxy having a version name of 7.0.0.4_170901 and version code of 1570000020. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Asus ZenFone 3 Ultra Android device with a build fingerprint of asus/WW_Phone/ASUS_A001:7.0/NRD90M/14.1010.1804.75-20180612:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. |
CVE-2019-15401 | Command Execution | Asus | ASUS_A002 | Exploitable by system or signature app | com.asus.loguploaderproxy | 1570000020 | 7.0.0.4_170901 | 7 | asus/WW_ASUS_A002/ASUS_A002:7.0/NRD90M/14.1600.1805.51-20180626:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Asus Affected product: Product=ASUS_A002, Version=asus/WW_ASUS_A002/ASUS_A002:7.0/NRD90M/14.1600.1805.51-20180626:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.asus.loguploaderproxy having a version name of 7.0.0.4_170901 and version code of 1570000020. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Asus ASUS_A002 Android device with a build fingerprint of asus/WW_ASUS_A002/ASUS_A002:7.0/NRD90M/14.1600.1805.51-20180626:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. |
CVE-2019-15402 | Command Execution | Asus | ASUS_A002_2 | Exploitable by system or signature app | com.asus.loguploaderproxy | 1570000020 | 7.0.0.4_170901 | 7 | asus/WW_ASUS_A002_2/ASUS_A002_2:7.0/NRD90M/14.1610.1802.18-20180321:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Asus Affected product: Product=ASUS_A002_2, Version=asus/WW_ASUS_A002_2/ASUS_A002_2:7.0/NRD90M/14.1610.1802.18-20180321:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.asus.loguploaderproxy having a version name of 7.0.0.4_170901 and version code of 1570000020. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Asus ASUS_A002_2 Android device with a build fingerprint of asus/WW_ASUS_A002_2/ASUS_A002_2:7.0/NRD90M/14.1610.1802.18-20180321:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. |
CVE-2019-15403 | Command Execution | Asus | ZenFone 3s Max | Exploitable by system or signature app | com.asus.loguploaderproxy | 1570000020 | 7.0.0.4_170901 | 7 | asus/IN_X00G/ASUS_X00G_1:7.0/NRD90M/IN_X00G-14.02.1807.33-20180706:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Asus Affected product: Product=ZenFone 3s Max, Version=asus/IN_X00G/ASUS_X00G_1:7.0/NRD90M/IN_X00G-14.02.1807.33-20180706:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.asus.loguploaderproxy having a version name of 7.0.0.4_170901 and version code of 1570000020. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Asus ZenFone 3s Max Android device with a build fingerprint of asus/IN_X00G/ASUS_X00G_1:7.0/NRD90M/IN_X00G-14.02.1807.33-20180706:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. |
CVE-2019-15404 | Command Execution | Asus | ZenFone Max 4 | Exploitable by system or signature app | com.asus.loguploaderproxy | 1570000020 | 7.0.0.4_170901 | 7.1.1 | asus/WW_Phone/ASUS_X00HD_4:7.1.1/NMF26F/14.2016.1712.367-20171225:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Asus Affected product: Product=ZenFone Max 4, Version=asus/WW_Phone/ASUS_X00HD_4:7.1.1/NMF26F/14.2016.1712.367-20171225:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.asus.loguploaderproxy having a version name of 7.0.0.4_170901 and version code of 1570000020. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Asus ZenFone Max 4 Android device with a build fingerprint of asus/WW_Phone/ASUS_X00HD_4:7.1.1/NMF26F/14.2016.1712.367-20171225:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. |
CVE-2019-15405 | Command Execution | Asus | ASUS_X00K_1 | Exploitable by system or signature app | com.asus.loguploaderproxy | 1570000015 | 7.0.0.3_161222 | 7 | asus/CN_X00K/ASUS_X00K_1:7.0/NRD90M/CN_X00K-14.01.1711.27-20180420:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Asus Affected product: Product=ASUS_X00K_1, Version=asus/CN_X00K/ASUS_X00K_1:7.0/NRD90M/CN_X00K-14.01.1711.27-20180420:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.asus.loguploaderproxy having a version name of 7.0.0.3_161222 and version code of 1570000015. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Asus ASUS_X00K_1 Android device with a build fingerprint of asus/CN_X00K/ASUS_X00K_1:7.0/NRD90M/CN_X00K-14.01.1711.27-20180420:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000015, versionName=7.0.0.3_161222) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. |
CVE-2019-15406 | Command Execution | Asus | ASUS_X00LD_3 | Exploitable by system or signature app | com.asus.loguploaderproxy | 1570000020 | 7.0.0.4_170901 | 7.1.1 | asus/WW_Phone/ASUS_X00LD_3:7.1.1/NMF26F/14.0400.1806.203-20180720:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Asus Affected product: Product=ZenFone Live, Version=asus/WW_Phone/ASUS_X00LD_3:7.1.1/NMF26F/14.0400.1806.203-20180720:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.asus.loguploaderproxy having a version name of 7.0.0.4_170901 and version code of 1570000020. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Asus ASUS_X00LD_3 Android device with a build fingerprint of asus/WW_Phone/ASUS_X00LD_3:7.1.1/NMF26F/14.0400.1806.203-20180720:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. |
CVE-2019-15407 | Command Execution | Asus | ASUS_X015_1 | Exploitable by system or signature app | com.asus.loguploaderproxy | 1570000015 | 7.0.0.3_161222 | 7 | asus/CN_X015/ASUS_X015_1:7.0/NRD90M/CN_X015-14.00.1709.35-20171215:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Asus Affected product: Product=ASUS_X015_1, Version=asus/CN_X015/ASUS_X015_1:7.0/NRD90M/CN_X015-14.00.1709.35-20171215:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.asus.loguploaderproxy having a version name of 7.0.0.3_161222 and version code of 1570000015. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Asus ASUS_X015_1 Android device with a build fingerprint of asus/CN_X015/ASUS_X015_1:7.0/NRD90M/CN_X015-14.00.1709.35-20171215:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000015, versionName=7.0.0.3_161222) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. |
CVE-2019-15408 | Command Execution | Asus | ZenFone 5 Lite | Exploitable by system or signature app | com.asus.loguploaderproxy | 1570000020 | 7.0.0.4_170901 | 7.1.1 | asus/WW_Phone/ASUS_X017D_1:7.1.1/NMF26F/14.0400.1810.061-20181107:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Asus Affected product: Product=ZenFone 5 Lite, Version=asus/WW_Phone/ASUS_X017D_1:7.1.1/NMF26F/14.0400.1810.061-20181107:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.asus.loguploaderproxy having a version name of 7.0.0.4_170901 and version code of 1570000020. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Asus ZenFone 5 Lite Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_1:7.1.1/NMF26F/14.0400.1810.061-20181107:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. |
CVE-2019-15409 | Command Execution | Asus | ZenFone 5Q | Exploitable by system or signature app | com.asus.loguploaderproxy | 1570000020 | 7.0.0.4_170901 | 7.1.1 | asus/WW_Phone/ASUS_X017D_2:7.1.1/NGI77B/14.0400.1809.059-20181016:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Asus Affected product: Product=ZenFone 5Q, Version=asus/WW_Phone/ASUS_X017D_2:7.1.1/NGI77B/14.0400.1809.059-20181016:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.asus.loguploaderproxy having a version name of 7.0.0.4_170901 and version code of 1570000020. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Asus ZenFone 5Q Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_2:7.1.1/NGI77B/14.0400.1809.059-20181016:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. |
CVE-2019-15410 | Command Execution | Asus | ZenFone 5Q | Exploitable by system or signature app | com.asus.loguploaderproxy | 1570000020 | 7.0.0.4_170901 | 7.1.1 | asus/WW_Phone/ASUS_X017D_2:7.1.1/NGI77B/14.0400.1809.059-20181016:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Asus Affected product: Product=ZenFone 5Q, Version=asus/WW_Phone/ASUS_X017D_2:7.1.1/NGI77B/14.0400.1809.059-20181016:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.asus.loguploaderproxy having a version name of 7.0.0.4_170901 and version code of 1570000020. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Asus ZenFone 5Q Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_2:7.1.1/NGI77B/14.0400.1809.059-20181016:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. |
CVE-2019-15411 | Command Execution | Asus | ZenFone 3 Laser | Exploitable by system or signature app | com.asus.loguploaderproxy | 1570000020 | 7.0.0.4_170901 | 7.1.1 | asus/WW_msm8937/msm8937:7.1.1/NMF26F/WW_32.40.106.114_20180928:user/release-keysasus/WW_msm8937/msm8937:7.1.1/NMF26F/WW_32.40.106.114_20180928:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Asus Affected product: Product=ZenFone 3 Laser, Version=asus/WW_msm8937/msm8937:7.1.1/NMF26F/WW_32.40.106.114_20180928:user/release-keysasus/WW_msm8937/msm8937:7.1.1/NMF26F/WW_32.40.106.114_20180928:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.asus.loguploaderproxy having a version name of 7.0.0.4_170901 and version code of 1570000020. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Asus ZenFone 3 Laser Android device with a build fingerprint of asus/WW_msm8937/msm8937:7.1.1/NMF26F/WW_32.40.106.114_20180928:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. |
CVE-2019-15412 | Command Execution | Asus | ZenFone 4 Selfie | Exploitable by system or signature app | com.asus.loguploaderproxy | 1570000020 | 7.0.0.4_170901 | 7.1.1 | asus/WW_Z01M/ASUS_Z01M_1:7.1.1/NMF26F/WW_71.50.395.57_20180913:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Asus Affected product: Product=ZenFone 4 Selfie, Version=asus/WW_Z01M/ASUS_Z01M_1:7.1.1/NMF26F/WW_71.50.395.57_20180913:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.asus.loguploaderproxy having a version name of 7.0.0.4_170901 and version code of 1570000020. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Asus ZenFone 4 Selfie Android device with a build fingerprint of asus/WW_Z01M/ASUS_Z01M_1:7.1.1/NMF26F/WW_71.50.395.57_20180913:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. |
CVE-2019-15413 | Command Execution | Asus | ZenFone 3 Ultra | Exploitable by system or signature app | com.asus.splendidcommandagent | 1510200105 | 1.2.0.21_180605 | 7 | asus/WW_Phone/ASUS_A001:7.0/NRD90M/14.1010.1804.75-20180612:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Asus Affected product: Product=ZenFone 3 Ultra, Version=asus/WW_Phone/ASUS_A001:7.0/NRD90M/14.1010.1804.75-20180612:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.asus.splendidcommandagent having a version name of 1.2.0.21_180605 and version code of 1510200105. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Asus ZenFone 3 Ultra Android device with a build fingerprint of asus/WW_Phone/ASUS_A001:7.0/NRD90M/14.1010.1804.75-20180612:user/release-keys contains a pre-installed app with a package name of com.asus.splendidcommandagent app (versionCode=1510200105, versionName=1.2.0.21_180605) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. |
CVE-2019-15414 | Command Execution | Asus | ZenFone AR | Exploitable by system or signature app | com.asus.splendidcommandagent | 1510200105 | 1.2.0.21_180605 | 7 | asus/WW_ASUS_A002/ASUS_A002:7.0/NRD90M/14.1600.1805.51-20180626:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Asus Affected product: Product=ZenFone AR, Version=asus/WW_ASUS_A002/ASUS_A002:7.0/NRD90M/14.1600.1805.51-20180626:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.asus.splendidcommandagent having a version name of 1.2.0.21_180605 and version code of 1510200105. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Asus ZenFone AR Android device with a build fingerprint of asus/WW_ASUS_A002/ASUS_A002:7.0/NRD90M/14.1600.1805.51-20180626:user/release-keys contains a pre-installed app with a package name of com.asus.splendidcommandagent app (versionCode=1510200105, versionName=1.2.0.21_180605) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. |
CVE-2019-15418 | Command Execution | Asus | ASUS_X00K_1 | Exploitable by local app | com.lovelyfont.defcontainer | 5 | 5.0.1 | 7 | asus/CN_X00K/ASUS_X00K_1:7.0/NRD90M/CN_X00K-14.01.1711.27-20180420:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Asus Affected product: Product=ASUS_X00K_1, Version=asus/CN_X00K/ASUS_X00K_1:7.0/NRD90M/CN_X00K-14.01.1711.27-20180420:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.lovelyfont.defcontainer having a version name of 5.0.1 and version code of 5. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.lovelyfont.defcontainer to obtain a capability that would otherwise require a permission. Description: The Asus ASUS_X00K_1 Android device with a build fingerprint of asus/CN_X00K/ASUS_X00K_1:7.0/NRD90M/CN_X00K-14.01.1711.27-20180420:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app (versionCode=5, versionName=5.0.1) that allows unauthorized command execution via a confused deputy attack. This capability can be accessed by any app co-located on the device. |
CVE-2019-15419 | Command Execution | Asus | ASUS_X015_1 | Exploitable by local app | com.lovelyfont.defcontainer | 5 | 5.0.1 | 7 | asus/CN_X015/ASUS_X015_1:7.0/NRD90M/CN_X015-14.00.1709.35-20171215:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Asus Affected product: Product=ASUS_X015_1, Version=asus/CN_X015/ASUS_X015_1:7.0/NRD90M/CN_X015-14.00.1709.35-20171215:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.lovelyfont.defcontainer having a version name of 5.0.1 and version code of 5. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.lovelyfont.defcontainer to obtain a capability that would otherwise require a permission. Description: The Asus ASUS_X015_1 Android device with a build fingerprint of asus/CN_X015/ASUS_X015_1:7.0/NRD90M/CN_X015-14.00.1709.35-20171215:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app (versionCode=5, versionName=5.0.1) that allows unauthorized command execution via a confused deputy attack. This capability can be accessed by any app co-located on the device. |
CVE-2019-15420 | Wireless Settings Modification | Blackview | BV9000Pro-F | Exploitable by local app | com.mediatek.factorymode | 1 | 1 | 7 | Blackview/BV9000Pro-F/BV9000Pro-F:7.1.1/N4F26M/1514363110:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Blackview Affected product: Product=BV9000Pro-F, Version=Blackview/BV9000Pro-F/BV9000Pro-F:7.1.1/N4F26M/1514363110:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.mediatek.factorymode having a version name of 1 and version code of 1. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.mediatek.factorymode to obtain a capability that would otherwise require a permission. Description: The Blackview BV9000Pro-F Android device with a build fingerprint of Blackview/BV9000Pro-F/BV9000Pro-F:7.1.1/N4F26M/1514363110:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. |
CVE-2019-15421 | Wireless Settings Modification | Blackview | BV7000_Pro | Exploitable by local app | com.mediatek.factorymode | 1 | 1 | 7.1 | Blackview/BV7000_Pro/BV7000_Pro:7.0/NRD90M/1493011204:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Blackview Affected product: Product=BV7000_Pro, Version=Blackview/BV7000_Pro/BV7000_Pro:7.0/NRD90M/1493011204:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.mediatek.factorymode having a version name of 1 and version code of 1. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.mediatek.factorymode to obtain a capability that would otherwise require a permission. Description: The Blackview BV7000_Pro Android device with a build fingerprint of Blackview/BV7000_Pro/BV7000_Pro:7.0/NRD90M/1493011204:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. |
CVE-2019-15423 | Wireless Settings Modification | Bluboo | Bluboo_S1 | Exploitable by local app | com.mediatek.factorymode | 1 | 1 | 7 | BLUBOO/Bluboo_S1/Bluboo_S1:7.0/NRD90M/1495809471:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Bluboo Affected product: Product=Bluboo_S1, Version=BLUBOO/Bluboo_S1/Bluboo_S1:7.0/NRD90M/1495809471:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.mediatek.factorymode having a version name of 1 and version code of 1. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.mediatek.factorymode to obtain a capability that would otherwise require a permission. Description: The Bluboo Bluboo_S1 Android device with a build fingerprint of BLUBOO/Bluboo_S1/Bluboo_S1:7.0/NRD90M/1495809471:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. |
CVE-2019-15430 | System Properties Modification | Bluboo | D3 Pro | Exploitable by system or signature app | com.qiku.cleaner | 2 | 2.0.0_VER_32516508295515 | 7 | BLUBOO/Bluboo_D2_Pro/Bluboo_D2_Pro:7.0/NRD90M/1510370501:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Bluboo Affected product: Product=D3 Pro, Version=BLUBOO/Bluboo_D2_Pro/Bluboo_D2_Pro:7.0/NRD90M/1510370501:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.qiku.cleaner having a version name of 2.0.0_VER_32516508295515 and version code of 2. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Bluboo D3 Pro Android device with a build fingerprint of BLUBOO/Bluboo_D2_Pro/Bluboo_D2_Pro:7.0/NRD90M/1510370501:user/release-keys contains a pre-installed app with a package name of com.qiku.cleaner app (versionCode=2, versionName=2.0.0_VER_32516508295515) that allows other pre-installed apps to perform system properties modification via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. |
CVE-2019-15381 | System Properties Modification | BQ | 5515L | Exploitable by local app | com.mediatek.wfo.impl | null | null | 8.1 | BQru/BQru-5515L/BQru-5515L:8.1.0/O11019/20180409.195525:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: BQ Affected product: Product=BQ 5515L, Version=BQru/BQru-5515L/BQru-5515L:8.1.0/O11019/20180409.195525:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.mediatek.wfo.impl with a version name of 8.1.0 and version code of 27. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.mediatek.wfo.impl to obtain a capability that a third-party app cannot directly be granted. Description: The BQ 5515L Android device with a build fingerprint of BQru/BQru-5515L/BQru-5515L:8.1.0/O11019/20180409.195525:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. |
CVE-2019-15377 | System Properties Modification | Cherry | Flare S7 | Exploitable by local app | com.mediatek.wfo.impl | 27 | 8.1.0 | 8.1 | Cherry_Mobile/Flare_S7_Deluxe/Flare_S7_Deluxe:8.1.0/O11019/1533920920:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Cherry Affected product: Product=Cherry Flare S7, Version=Cherry_Mobile/Flare_S7_Deluxe/Flare_S7_Deluxe:8.1.0/O11019/1533920920:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.mediatek.wfo.impl with a version name of 8.1.0 and version code of 27. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.mediatek.wfo.impl to obtain a capability that a third-party app cannot directly be granted. Description: The Cherry Flare S7 Android device with a build fingerprint of Cherry_Mobile/Flare_S7_Deluxe/Flare_S7_Deluxe:8.1.0/O11019/1533920920:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. |
CVE-2019-15352 | System Properties Modification | Coolpad | 1851 | Exploitable by local app | com.mediatek.wfo.impl | 27 | 8.1.0 | 8.1 | Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Coolpad Affected product: Product=Coolpad 1851, Version=Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.mediatek.wfo.impl with a version name of 8.1.0 and version code of 27. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.mediatek.wfo.impl to obtain a capability that a third-party app cannot directly be granted. Description: The Coolpad 1851 Android device with a build fingerprint of Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. |
CVE-2019-15353 | System Properties Modification | Coolpad | N3C | Exploitable by local app | com.mediatek.wfo.impl | 27 | 8.1.0 | 8.1 | Coolpad/N3C/N3C:8.1.0/O11019/1538236809:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Coolpad Affected product: Product=Coolpad N3C, Version=Coolpad/N3C/N3C:8.1.0/O11019/1538236809:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.mediatek.wfo.impl with a version name of 8.1.0 and version code of 27. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.mediatek.wfo.impl to obtain a capability that a third-party app cannot directly be granted. Description: The Coolpad N3C Android device with a build fingerprint of Coolpad/N3C/N3C:8.1.0/O11019/1538236809:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. |
CVE-2019-15368 | System Properties Modification | Coolpad | 1851 | Exploitable by local app | com.mediatek.wfo.impl | 27 | 8.1.0 | 8.1.0 | Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Coolpad Affected product: Product=Coolpad 1851, Version=Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.mediatek.wfo.impl with a version name of 8.1.0 and version code of 27. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.mediatek.wfo.impl to obtain a capability that a third-party app cannot directly be granted. Description: The Coolpad 1851 Android device with a build fingerprint of Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. |
CVE-2019-15388 | Command Execution | Coolpad | 1851 | Exploitable by local app | com.valmul.defcontainer | 7 | 7.1.13 | 8.1 | Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Coolpad Affected product: Product=Coolpad 1851, Version=Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys Attack type: Context-Dependent Impact: Escalation of Privileges Affected component: A pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.1.13) containing an exported service app component named com.lovelyfont.manager.FontCoverService. Attack vector: The attack vector is a third-party app co-located on the device that does not require any permissions and interacts with an exported service app component of an app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.1.13). The malicious app can reach the device via app repackaging, phishing, trojanized app, or remote exploit. By leveraging an open interface of the com.lovelyfont.defcontainer app, the malicious app can utilize a capability that is not directly available to third-party apps (i.e., executing arbitrary commands as the system user via an unprotected app component of a platform app). The attack app is a malicious app without malicious permissions. In addition to the local attack surface, its accompanying app with a package name of com.ekesoo.lovelyhifonts makes network requests using HTTP and an attacker can perform a Man-in-the-Middle (MITM) attack on the connection to inject a command in a network response that will be executed as the system user by the com.lovelyfont.defcontainer app. Description: The Coolpad 1851 Android device with a build fingerprint of Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.1.13). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands to be executed as the system user. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. In addition to the local attack surface, its accompanying app with a package name of com.ekesoo.lovelyhifonts makes network requests using HTTP and an attacker can perform a Man-in-the-Middle (MITM) attack on the connection to inject a command in a network response that will be executed as the system user by the com.lovelyfont.defcontainer app. Executing commands as the system user can allow a third-party app to video record the user’s screen, factory reset the device, obtain the user’s notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), obtain the user’s text messages, and more. Executing commands as the system user can allow a third-party app to factory reset the device, obtain the user’s notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, obtain the user’s text messages, and more. |
CVE-2019-15382 | System Properties Modification | Cubot | Nova | Exploitable by local app | com.mediatek.wfo.impl | 27 | 8.1.0 | 8.1 | CUBOT/CUBOT_NOVA/CUBOT_NOVA:8.1.0/O11019/1527060122:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Cubot Affected product: Product=Cubot Nova, Version=CUBOT/CUBOT_NOVA/CUBOT_NOVA:8.1.0/O11019/1527060122:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.mediatek.wfo.impl with a version name of 8.1.0 and version code of 27. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.mediatek.wfo.impl to obtain a capability that a third-party app cannot directly be granted. Description: The Cubot Nova Android device with a build fingerprint of CUBOT/CUBOT_NOVA/CUBOT_NOVA:8.1.0/O11019/1527060122:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. |
CVE-2019-15358 | System Properties Modification | Dexp | Z250 | Exploitable by local app | com.mediatek.wfo.impl | 27 | 8.1.0 | 8.1 | DEXP/Z250/Z250:8.1.0/O11019/1531130719:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Dexp Affected product: Product=Dexp Z250, Version=DEXP/Z250/Z250:8.1.0/O11019/1531130719:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.mediatek.wfo.impl with a version name of 8.1.0 and version code of 27. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.mediatek.wfo.impl to obtain a capability that a third-party app cannot directly be granted. Description: The Dexp Z250 Android device with a build fingerprint of DEXP/Z250/Z250:8.1.0/O11019/1531130719:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. |
CVE-2019-15364 | System Properties Modification | Dexp | BL250 | Exploitable by local app | com.mediatek.wfo.impl | 27 | 8.1.0 | 8.1 | DEXP/BL250/BL250:8.1.0/O11019/1530858027:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Dexp Affected product: Product=Dexp BL250, Version=DEXP/BL250/BL250:8.1.0/O11019/1530858027:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.mediatek.wfo.impl with a version name of 8.1.0 and version code of 27. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.mediatek.wfo.impl to obtain a capability that a third-party app cannot directly be granted. Description: The Dexp BL250 Android device with a build fingerprint of DEXP/BL250/BL250:8.1.0/O11019/1530858027:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. |
CVE-2019-15422 | Wireless Settings Modification | Doogee | Mix | Exploitable by local app | com.mediatek.factorymode | 1 | 1 | 7 | DOOGEE/MIX/MIX:7.0/NRD90M/1495809471:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Doogee Affected product: Product=Mix, Version=DOOGEE/MIX/MIX:7.0/NRD90M/1495809471:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.mediatek.factorymode having a version name of 1 and version code of 1. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.mediatek.factorymode to obtain a capability that would otherwise require a permission. Description: The Doogee Mix Android device with a build fingerprint of DOOGEE/MIX/MIX:7.0/NRD90M/1495809471:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. |
CVE-2019-15424 | Wireless Settings Modification | Doogee | BL5000 | Exploitable by local app | com.mediatek.factorymode | 1 | 1 | 7 | DOOGEE/BL5000/BL5000:7.0/NRD90M/1497072355:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Doogee Affected product: Product=BL5000, Version=DOOGEE/BL5000/BL5000:7.0/NRD90M/1497072355:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.mediatek.factorymode having a version name of 1 and version code of 1. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.mediatek.factorymode to obtain a capability that would otherwise require a permission. Description: The Doogee BL5000 Android device with a build fingerprint of DOOGEE/BL5000/BL5000:7.0/NRD90M/1497072355:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. |
CVE-2019-15384 | System Properties Modification | Elephone | A4 | Exploitable by local app | com.mediatek.wfo.impl | 27 | 8.1.0 | 8.0.0 | Elephone/A4/A4:8.1.0/O11019/20180530.143559:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Elephone Affected product: Product=Elephone A4, Version=Elephone/A4/A4:8.1.0/O11019/20180530.143559:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.mediatek.wfo.impl with a version name of 8.1.0 and version code of 27. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.mediatek.wfo.impl to obtain a capability that a third-party app cannot directly be granted. Description: The Elephone A4 Android device with a build fingerprint of Elephone/A4/A4:8.1.0/O11019/20180530.143559:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. |
CVE-2019-15431 | System Properties Modification | Evercoss | U50A | Exploitable by system or signature app | com.qiku.cleaner | 2 | 2.0_VER_2017.04.21_17:55:55 | 7 | EVERCOSS/U50A./EVERCOSS:7.0/NRD90M/1499911028:eng/test-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Evercoss Affected product: Product=U50A, Version=EVERCOSS/U50A./EVERCOSS:7.0/NRD90M/1499911028:eng/test-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.qiku.cleaner having a version name of 2.0_VER_2017.04.21_17:55:55 and version code of 2. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Evercoss U50A Android device with a build fingerprint of EVERCOSS/U50A./EVERCOSS:7.0/NRD90M/1499911028:eng/test-keys contains a pre-installed app with a package name of com.qiku.cleaner app (versionCode=2, versionName=2.0_VER_2017.04.21_17:55:55) that allows other pre-installed apps to perform system properties modification via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. |
CVE-2019-15432 | System Properties Modification | Evercoss | U6 | Exploitable by system or signature app | com.qiku.cleaner | 2 | 2.0.0_VER_32516486284094 | 7 | EVERCOSS/U6/U6:7.0/NRD90M/1504236704:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Evercoss Affected product: Product=U6, Version=EVERCOSS/U6/U6:7.0/NRD90M/1504236704:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.qiku.cleaner having a version name of 2.0.0_VER_32516486284094 and version code of 2. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Evercoss U6 Android device with a build fingerprint of EVERCOSS/U6/U6:7.0/NRD90M/1504236704:user/release-keys contains a pre-installed app with a package name of com.qiku.cleaner app (versionCode=2, versionName=2.0.0_VER_32516486284094) that allows other pre-installed apps to perform system properties modification via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. |
CVE-2019-15380 | System Properties Modification | Fly | Photo Pro | Exploitable by local app | com.mediatek.wfo.impl | 27 | 8.1.0 | 8.1 | Fly/PhotoPro/Photo_Pro:8.1.0/O11019/1528117003:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Fly Affected product: Product=Fly Photo Pro, Version=Fly/PhotoPro/Photo_Pro:8.1.0/O11019/1528117003:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.mediatek.wfo.impl with a version name of 8.1.0 and version code of 27. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.mediatek.wfo.impl to obtain a capability that a third-party app cannot directly be granted. Description: The Fly Photo Pro Android device with a build fingerprint of Fly/PhotoPro/Photo_Pro:8.1.0/O11019/1528117003:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. |
CVE-2019-15390 | System Properties Modification | Haier | G8 | Exploitable by local app | com.qiku.service.container | 5 | 1.03.00_VER_32525983298984 | 8.1 | Haier/HM-G559-FL/G8:8.1.0/O11019/1522294799:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Haier Affected product: Product=Haier G8, Version=Haier/HM-G559-FL/G8:8.1.0/O11019/1522294799:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.qiku.service.container with a version name of 1.03.00_VER_32525983298984 and version code of 5. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.qiku.service.container to obtain a capability that a third-party app cannot directly be granted. Description: The Haier G8 Android device with a build fingerprint of Haier/HM-G559-FL/G8:8.1.0/O11019/1522294799:user/release-keys contains a pre-installed app with a package name of com.qiku.service.container app (versionCode=5, versionName=1.03.00_VER_32525983298984) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. |
CVE-2019-15359 | System Properties Modification | Haier | A6 | Exploitable by local app | com.mediatek.wfo.impl | 27 | 8.1.0 | 8.1 | Haier/A6/A6:8.1.0/O11019/1534219877:userdebug/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Haier Affected product: Product=Haier A6, Version=Haier/A6/A6:8.1.0/O11019/1534219877:userdebug/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.mediatek.wfo.impl with a version name of 8.1.0 and version code of 27. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.mediatek.wfo.impl to obtain a capability that a third-party app cannot directly be granted. Description: The Haier A6 Android device with a build fingerprint of Haier/A6/A6:8.1.0/O11019/1534219877:userdebug/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. |
CVE-2019-15367 | System Properties Modification | Haier | P10 | Exploitable by local app | com.mediatek.wfo.impl | 27 | 8.1.0 | 8.1 | Haier/P10/P10:8.1.0/O11019/1532662449:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Haier Affected product: Product=Haier P10, Version=Haier/P10/P10:8.1.0/O11019/1532662449:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.mediatek.wfo.impl with a version name of 8.1.0 and version code of 27. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.mediatek.wfo.impl to obtain a capability that a third-party app cannot directly be granted. Description: The Haier P10 Android device with a build fingerprint of Haier/P10/P10:8.1.0/O11019/1532662449:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. |
CVE-2019-15370 | System Properties Modification | Haier | G8 | Exploitable by local app | com.mediatek.wfo.impl | 27 | 8.1.0 | 8.1 | Haier/HM-G559-FL/G8:8.1.0/O11019/1526527761:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Haier Affected product: Product=Haier G8, Version=Haier/HM-G559-FL/G8:8.1.0/O11019/1526527761:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.mediatek.wfo.impl with a version name of 8.1.0 and version code of 27. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.mediatek.wfo.impl to obtain a capability that a third-party app cannot directly be granted. Description: The Haier G8 Android device with a build fingerprint of Haier/HM-G559-FL/G8:8.1.0/O11019/1526527761:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. |
CVE-2019-15375 | System Properties Modification | Haier | G8 | Exploitable by local app | com.mediatek.wfo.impl | 27 | 8.1.0 | 8.1 | Haier/HM-G559-FL/G8:8.1.0/O11019/1522294799:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Haier Affected product: Product=Haier G8, Version=Haier/HM-G559-FL/G8:8.1.0/O11019/1522294799:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.mediatek.wfo.impl with a version name of 8.1.0 and version code of 27. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.mediatek.wfo.impl to obtain a capability that a third-party app cannot directly be granted. Description: The Haier G8 Android device with a build fingerprint of Haier/HM-G559-FL/G8:8.1.0/O11019/1522294799:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. |
CVE-2019-15389 | Command Execution | Haier | A6 | Exploitable by local app | com.lovelyfont.defcontainer | 7 | 7.1.13 | 8.1 | Haier/A6/A6:8.1.0/O11019/1534219877:userdebug/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Haier Affected product: Product=Haier A6, Version=Haier/A6/A6:8.1.0/O11019/1534219877:userdebug/release-keys Attack type: Context-Dependent Impact: Escalation of Privileges Affected component: A pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.1.13) containing an exported service app component named com.lovelyfont.manager.FontCoverService. Attack vector: The attack vector is a third-party app co-located on the device that does not require any permissions and interacts with an exported service app component of an app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.1.13). The malicious app can reach the device via app repackaging, phishing, trojanized app, or remote exploit. By leveraging an open interface of the com.lovelyfont.defcontainer app, the malicious app can utilize a capability that is not directly available to third-party apps (i.e., executing arbitrary commands as the system user via an unprotected app component of a platform app). The attack app is a malicious app without malicious permissions. In addition to the local attack surface, its accompanying app with a package name of com.ekesoo.lovelyhifonts makes network requests using HTTP and an attacker can perform a Man-in-the-Middle (MITM) attack on the connection to inject a command in a network response that will be executed as the system user by the com.lovelyfont.defcontainer app. Description: The Haier A6 Android device with a build fingerprint of Haier/A6/A6:8.1.0/O11019/1534219877:userdebug/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.1.13). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands to be executed as the system user. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. In addition to the local attack surface, its accompanying app with a package name of com.ekesoo.lovelyhifonts makes network requests using HTTP and an attacker can perform a Man-in-the-Middle (MITM) attack on the connection to inject a command in a network response that will be executed as the system user by the com.lovelyfont.defcontainer app. Executing commands as the system user can allow a third-party app to video record the user’s screen, factory reset the device, obtain the user’s notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtain the user’s text messages, and more. Executing commands as the system user can allow a third-party app to factory reset the device, obtain the user’s notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtain the user’s text messages, and more. |
CVE-2019-15360 | System Properties Modification | Hisense | U965 | Exploitable by local app | com.mediatek.wfo.impl | null | null | 8.1 | Hisense/U965_4G_10/HS6739MT:8.1.0/O11019/Hisense_U965_4G_10_S01:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Hisense Affected product: Product=Hisense U965, Version=Hisense/U965_4G_10/HS6739MT:8.1.0/O11019/Hisense_U965_4G_10_S01:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.mediatek.wfo.impl with a version name of 8.1.0 and version code of 27. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.mediatek.wfo.impl to obtain a capability that a third-party app cannot directly be granted. Description: The Hisense U965 Android device with a build fingerprint of Hisense/U965_4G_10/HS6739MT:8.1.0/O11019/Hisense_U965_4G_10_S01:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. |
CVE-2019-15372 | System Properties Modification | Hisense | F17 | Exploitable by local app | com.mediatek.wfo.impl | null | null | 8.1 | Hisense/F17_4G/HS6739MT:8.1.0/O11019/Hisense_F17_4G_00_S01:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Hisense Affected product: Product=Hisense F17, Version=Hisense/F17_4G/HS6739MT:8.1.0/O11019/Hisense_F17_4G_00_S01:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.mediatek.wfo.impl with a version name of 8.1.0 and version code of 27. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.mediatek.wfo.impl to obtain a capability that a third-party app cannot directly be granted. Description: The Hisense F17 Android device with a build fingerprint of Hisense/F17_4G/HS6739MT:8.1.0/O11019/Hisense_F17_4G_00_S01:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. |
CVE-2019-15361 | System Properties Modification | Infinix | Note 5 | Exploitable by local app | com.mediatek.wfo.impl | 27 | 8.1.0 | 8 | Infinix/H632C/Infinix-X605_sprout:8.1.0/O11019/CE-180914V59:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Infinix Affected product: Product=Infinix Note 5, Version=Infinix/H632C/Infinix-X605_sprout:8.1.0/O11019/CE-180914V59:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.mediatek.wfo.impl with a version name of 8.1.0 and version code of 27. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.mediatek.wfo.impl to obtain a capability that a third-party app cannot directly be granted. Description: The Infinix Note 5 Android device with a build fingerprint of Infinix/H632C/Infinix-X605_sprout:8.1.0/O11019/CE-180914V59:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. |
CVE-2019-15366 | System Properties Modification | Infinix | Note 5 | Exploitable by local app | com.mediatek.wfo.impl | 27 | 8.1.0 | 8.1 | Infinix/H633IJL/Infinix-X604_sprout:8.1.0/O11019/IJL-180531V181:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Infinix Affected product: Product=Infinix Note 5, Version=Infinix/H633IJL/Infinix-X604_sprout:8.1.0/O11019/IJL-180531V181:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.mediatek.wfo.impl with a version name of 8.1.0 and version code of 27. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.mediatek.wfo.impl to obtain a capability that a third-party app cannot directly be granted. Description: The Infinix Note 5 Android device with a build fingerprint of Infinix/H633IJL/Infinix-X604_sprout:8.1.0/O11019/IJL-180531V181:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. |
CVE-2019-15385 | System Properties Modification | Infinix | Note 5 | Exploitable by local app | com.mediatek.wfo.impl | 27 | 8.1.0 | 8.1 | Infinix/H633B/Infinix-X604_sprout:8.1.0/O11019/L-IN-180206V64:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Infinix Affected product: Product=Infinix Note 5, Version=Infinix/H633B/Infinix-X604_sprout:8.1.0/O11019/L-IN-180206V64:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.mediatek.wfo.impl with a version name of 8.1.0 and version code of 27. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.mediatek.wfo.impl to obtain a capability that a third-party app cannot directly be granted. Description: The Infinix Note 5 Android device with a build fingerprint of Infinix/H633B/Infinix-X604_sprout:8.1.0/O11019/L-IN-180206V64:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. |
CVE-2019-15425 | Wireless Settings Modification | Kata | M4s | Exploitable by local app | com.mediatek.factorymode | 1 | 1 | 7 | alps/full_hct6750_66_n/hct6750_66_n:7.0/NRD90M/1495624556:user/test-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Kata Affected product: Product=M4s, Version=alps/full_hct6750_66_n/hct6750_66_n:7.0/NRD90M/1495624556:user/test-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.mediatek.factorymode having a version name of 1 and version code of 1. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.mediatek.factorymode to obtain a capability that would otherwise require a permission. Description: The Kata M4s Android device with a build fingerprint of alps/full_hct6750_66_n/hct6750_66_n:7.0/NRD90M/1495624556:user/test-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. |
CVE-2019-15332 | Wireless Settings Modification | Lava | Z61 | Exploitable by local app | com.android.lava.powersave | 400 | v4.0.27 | 8.0.0 | LAVA/Z61_2GB/Z61_2GB:8.1.0/O11019/1533889281:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Lava Affected product: Product=Lava Z61, Version=LAVA/Z61_2GB/Z61_2GB:8.1.0/O11019/1533889281:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.android.lava.powersave with a version name of v4.0.27 and version code of 400. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.android.lava.powersave to obtain a capability that would otherwise require a permission. Description: The Lava Z61 Android device with a build fingerprint of LAVA/Z61_2GB/Z61_2GB:8.1.0/O11019/1533889281:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. |
CVE-2019-15333 | Wireless Settings Modification | Lava | Flair Z1 | Exploitable by local app | com.android.lava.powersave | 400 | v4.0.27 | 8.1 | LAVA/Z1/Z1:8.1.0/O11019/1536680131:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Lava Affected product: Product=Lava Flair Z1, Version=LAVA/Z1/Z1:8.1.0/O11019/1536680131:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.android.lava.powersave with a version name of v4.0.27 and version code of 400. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.android.lava.powersave to obtain a capability that would otherwise require a permission. Description: The Lava Flair Z1 Android device with a build fingerprint of LAVA/Z1/Z1:8.1.0/O11019/1536680131:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. |
CVE-2019-15334 | Wireless Settings Modification | Lava | Iris 88 Go | Exploitable by local app | com.android.lava.powersave | 400 | v4.0.27 | 8.1 | LAVA/iris88_go/iris88_go:8.1.0/O11019/1538188945:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Lava Affected product: Product=Lava Iris 88 Go, Version=LAVA/iris88_go/iris88_go:8.1.0/O11019/1538188945:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.android.lava.powersave with a version name of v4.0.27 and version code of 400. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.android.lava.powersave to obtain a capability that would otherwise require a permission. Description: The Lava Iris 88 Go Android device with a build fingerprint of LAVA/iris88_go/iris88_go:8.1.0/O11019/1538188945:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. |
CVE-2019-15335 | Wireless Settings Modification | Lava | Z92 | Exploitable by local app | com.android.lava.powersave | 400 | v4.0.27 | 8.1 | LAVA/Z92/Z92:8.1.0/O11019/1535088037:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Lava Affected product: Product=Lava Z92, Version=LAVA/Z92/Z92:8.1.0/O11019/1535088037:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.android.lava.powersave with a version name of v4.0.27 and version code of 400. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.android.lava.powersave to obtain a capability that would otherwise require a permission. Description: The Lava Z92 Android device with a build fingerprint of LAVA/Z92/Z92:8.1.0/O11019/1535088037:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. |
CVE-2019-15336 | Wireless Settings Modification | Lava | Z61 Turbo | Exploitable by local app | com.android.lava.powersave | 400 | v4.0.27 | 8.1 | LAVA/Z61_Turbo/Z61_Turbo:8.1.0/O11019/1536917928:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Lava Affected product: Product=Lava Z61 Turbo, Version=LAVA/Z61_Turbo/Z61_Turbo:8.1.0/O11019/1536917928:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.android.lava.powersave with a version name of v4.0.27 and version code of 400. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.android.lava.powersave to obtain a capability that would otherwise require a permission. Description: The Lava Z61 Turbo Android device with a build fingerprint of LAVA/Z61_Turbo/Z61_Turbo:8.1.0/O11019/1536917928:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.31) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. |
CVE-2019-15337 | Wireless Settings Modification | Lava | Z81 | Exploitable by local app | com.android.lava.powersave | 400 | v4.0.31 | 8.1 | LAVA/Z81/Z81:8.1.0/O11019/1532317309:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Lava Affected product: Product=Lava Z81 Turbo, Version=LAVA/Z81/Z81:8.1.0/O11019/1532317309:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.android.lava.powersave with a version name of v4.0.31 and version code of 400. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.android.lava.powersave to obtain a capability that would otherwise require a permission. Description: The Lava Z81 Android device with a build fingerprint of LAVA/Z81/Z81:8.1.0/O11019/1532317309:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.31) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. |
CVE-2019-15338 | Wireless Settings Modification | Lava | Iris 88 Lite | Exploitable by local app | com.android.lava.powersave | 400 | v4.0.27 | 8.1 | LAVA/iris88_lite/iris88_lite:8.1.0/O11019/1536323070:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Lava Affected product: Product=Lava Iris 88 Lite, Version=LAVA/iris88_lite/iris88_lite:8.1.0/O11019/1536323070:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.android.lava.powersave with a version name of v4.0.27 and version code of 400. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.android.lava.powersave to obtain a capability that would otherwise require a permission. Description: The Lava Iris 88 Lite Android device with a build fingerprint of LAVA/iris88_lite/iris88_lite:8.1.0/O11019/1536323070:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. |
CVE-2019-15339 | Wireless Settings Modification | Lava | Z60s | Exploitable by local app | com.android.lava.powersave | 400 | v4.0.27 | 8.1 | LAVA/Z60s/Z60s:8.1.0/O11019/1530331229:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Lava Affected product: Product=Lava Z60s, Version=LAVA/Z60s/Z60s:8.1.0/O11019/1530331229:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.android.lava.powersave with a version name of v4.0.27 and version code of 400. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.android.lava.powersave to obtain a capability that would otherwise require a permission. Description: The Lava Z60s Android device with a build fingerprint of LAVA/Z60s/Z60s:8.1.0/O11019/1530331229:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. |
CVE-2019-15356 | System Properties Modification | Lava | Flair Z1 | Exploitable by local app | com.mediatek.wfo.impl | 27 | 8.1.0 | 8.1 | LAVA/Z1/Z1:8.1.0/O11019/1536680131:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Lava Affected product: Product=Lava Flair Z1, Version=LAVA/Z1/Z1:8.1.0/O11019/1536680131:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.mediatek.wfo.impl with a version name of 8.1.0 and version code of 27. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.mediatek.wfo.impl to obtain a capability that a third-party app cannot directly be granted. Description: The Lava Flair Z1 Android device with a build fingerprint of LAVA/Z1/Z1:8.1.0/O11019/1536680131:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. |
CVE-2019-15362 | System Properties Modification | Lava | Iris 88 Go | Exploitable by local app | com.mediatek.wfo.impl | 27 | 8.1.0 | 8.1 | LAVA/iris88_go/iris88_go:8.1.0/O11019/1538188945:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Lava Affected product: Product=Lava Iris 88 Go, Version=LAVA/iris88_go/iris88_go:8.1.0/O11019/1538188945:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.mediatek.wfo.impl with a version name of 8.1.0 and version code of 27. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.mediatek.wfo.impl to obtain a capability that a third-party app cannot directly be granted. Description: The Lava Iris 88 Go Android device with a build fingerprint of LAVA/iris88_go/iris88_go:8.1.0/O11019/1538188945:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. |
CVE-2019-15365 | System Properties Modification | Lava | Z92 | Exploitable by local app | com.mediatek.wfo.impl | 27 | 8.1.0 | 8.1 | LAVA/Z92/Z92:8.1.0/O11019/1535088037:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Lava Affected product: Product=Lava Z92, Version=LAVA/Z92/Z92:8.1.0/O11019/1535088037:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.mediatek.wfo.impl with a version name of 8.1.0 and version code of 27. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.mediatek.wfo.impl to obtain a capability that a third-party app cannot directly be granted. Description: The Lava Z92 Android device with a build fingerprint of LAVA/Z92/Z92:8.1.0/O11019/1535088037:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. |
CVE-2019-15369 | System Properties Modification | Lava | Z61 Turbo | Exploitable by local app | com.mediatek.wfo.impl | 27 | 8.1.0 | 8.1 | LAVA/Z61_Turbo/Z61_Turbo:8.1.0/O11019/1536917928:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Lava Affected product: Product=Lava Z61 Turbo, Version=LAVA/Z61_Turbo/Z61_Turbo:8.1.0/O11019/1536917928:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.mediatek.wfo.impl with a version name of 8.1.0 and version code of 27. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.mediatek.wfo.impl to obtain a capability that a third-party app cannot directly be granted. Description: The Lava Z61 Turbo Android device with a build fingerprint of LAVA/Z61_Turbo/Z61_Turbo:8.1.0/O11019/1536917928:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. |
CVE-2019-15374 | System Properties Modification | Lava | Iris 88 Lite | Exploitable by local app | com.mediatek.wfo.impl | 27 | 8.1.0 | 8.1 | LAVA/iris88_lite/iris88_lite:8.1.0/O11019/1536323070:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Lava Affected product: Product=Lava Iris 88 Lite, Version=LAVA/iris88_lite/iris88_lite:8.1.0/O11019/1536323070:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.mediatek.wfo.impl with a version name of 8.1.0 and version code of 27. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.mediatek.wfo.impl to obtain a capability that a third-party app cannot directly be granted. Description: The Lava Iris 88 Lite Android device with a build fingerprint of LAVA/iris88_lite/iris88_lite:8.1.0/O11019/1536323070:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. |
CVE-2019-15386 | System Properties Modification | Lava | Z60s | Exploitable by local app | com.mediatek.wfo.impl | 27 | 8.1.0 | 8.1 | LAVA/Z60s/Z60s:8.1.0/O11019/1530331229:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Lava Affected product: Product=Lava Z60s, Version=LAVA/Z60s/Z60s:8.1.0/O11019/1530331229:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.mediatek.wfo.impl with a version name of 8.1.0 and version code of 27. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.mediatek.wfo.impl to obtain a capability that a third-party app cannot directly be granted. Description: The Lava Z60s Android device with a build fingerprint of LAVA/Z60s/Z60s:8.1.0/O11019/1530331229:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. |
CVE-2019-15363 | System Properties Modification | Leagoo | Power 5 | Exploitable by local app | com.mediatek.wfo.impl | 27 | 8.1.0 | 8.1 | LEAGOO/Power_5/Power_5:8.1.0/O11019/1532686195:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Leagoo Affected product: Product=Leagoo Power 5, Version=LEAGOO/Power_5/Power_5:8.1.0/O11019/1532686195:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.mediatek.wfo.impl with a version name of 8.1.0 and version code of 27. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.mediatek.wfo.impl to obtain a capability that a third-party app cannot directly be granted. Description: The Leagoo Power 5 Android device with a build fingerprint of LEAGOO/Power_5/Power_5:8.1.0/O11019/1532686195:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. |
CVE-2019-15376 | System Properties Modification | Panasonic | Eluga Ray 530 | Exploitable by local app | com.mediatek.wfo.impl | 27 | 8.1.0 | 8.0.0 | Panasonic/ELUGA_Ray_530/ELUGA_Ray_530:8.1.0/O11019/1531828974:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Panasonic Affected product: Product=Panasonic Eluga Ray 530, Version=Panasonic/ELUGA_Ray_530/ELUGA_Ray_530:8.1.0/O11019/1531828974:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.mediatek.wfo.impl with a version name of 8.1.0 and version code of 27. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.mediatek.wfo.impl to obtain a capability that a third-party app cannot directly be granted. Description: The Panasonic Eluga Ray 530 Android device with a build fingerprint of Panasonic/ELUGA_Ray_530/ELUGA_Ray_530:8.1.0/O11019/1531828974:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. |
CVE-2019-15378 | System Properties Modification | Panasonic | Eluga Ray 600 | Exploitable by local app | com.mediatek.wfo.impl | 27 | 8.1.0 | 8.0.0 | Panasonic/ELUGA_Ray_600/ELUGA_Ray_600:8.1.0/O11019/1532692680:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Panasonic Affected product: Product=Panasonic Eluga Ray 600, Version=Panasonic/ELUGA_Ray_600/ELUGA_Ray_600:8.1.0/O11019/1532692680:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.mediatek.wfo.impl with a version name of 8.1.0 and version code of 27. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.mediatek.wfo.impl to obtain a capability that a third-party app cannot directly be granted. Description: The Panasonic Eluga Ray 600 Android device with a build fingerprint of Panasonic/ELUGA_Ray_600/ELUGA_Ray_600:8.1.0/O11019/1532692680:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. |
CVE-2019-15429 | Attacker-controlled AT Command | Panasonic | ELUGA_I9 | Exploitable by local app | com.ovvi.modem | 1 | 1 | 7 | Panasonic/ELUGA_I9/ELUGA_I9:7.0/NRD90M/1501740649:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Panasonic Affected product: Product=ELUGA_I9, Version=Panasonic/ELUGA_I9/ELUGA_I9:7.0/NRD90M/1501740649:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.ovvi.modem having a version name of 1 and version code of 1. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.ovvi.modem to obtain a capability that would otherwise require a permission. Description: The Panasonic ELUGA_I9 Android device with a build fingerprint of Panasonic/ELUGA_I9/ELUGA_I9:7.0/NRD90M/1501740649:user/release-keys contains a pre-installed app with a package name of com.ovvi.modem app (versionCode=1, versionName=1) that allows unauthorized, attacker-controlled AT commands via a confused deputy attack. This capability can be accessed by any app co-located on the device. |
CVE-2019-15433 | App Installation | Samsung | A3 | Exploitable by system or signature app | com.samsung.android.themecenter | 7000000 | 7.0.0.0 | 8.0.0 | samsung/a3y17ltedx/a3y17lte:8.0.0/R16NW/A320YDXU4CSB3:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Samsung Affected product: Product=A3, Version=samsung/a3y17ltedx/a3y17lte:8.0.0/R16NW/A320YDXU4CSB3:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.samsung.android.themecenter having a version name of 7.0.0.0 and version code of 7000000. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Samsung A3 Android device with a build fingerprint of samsung/a3y17ltedx/a3y17lte:8.0.0/R16NW/A320YDXU4CSB3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. |
CVE-2019-15434 | App Installation | Samsung | A5 | Exploitable by system or signature app | com.samsung.android.themecenter | 7000000 | 7.0.0.0 | 8.0.0 | samsung/a5y17ltexx/a5y17lte:8.0.0/R16NW/A520FXXS8CSC5:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Samsung Affected product: Product=A5, Version=samsung/a5y17ltexx/a5y17lte:8.0.0/R16NW/A520FXXS8CSC5:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.samsung.android.themecenter having a version name of 7.0.0.0 and version code of 7000000. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Samsung A5 Android device with a build fingerprint of samsung/a5y17ltexx/a5y17lte:8.0.0/R16NW/A520FXXS8CSC5:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. |
CVE-2019-15435 | App Installation | Samsung | A7 | Exploitable by system or signature app | com.samsung.android.themecenter | 7000000 | 7.0.0.0 | 8.0.0 | samsung/a7y17ltexx/a7y17lte:8.0.0/R16NW/A720FXXU7CSC2:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Samsung Affected product: Product=A7, Version=samsung/a7y17ltexx/a7y17lte:8.0.0/R16NW/A720FXXU7CSC2:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.samsung.android.themecenter having a version name of 7.0.0.0 and version code of 7000000. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Samsung A7 Android device with a build fingerprint of samsung/a7y17ltexx/a7y17lte:8.0.0/R16NW/A720FXXU7CSC2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. |
CVE-2019-15436 | App Installation | Samsung | A8+ | Exploitable by system or signature app | com.samsung.android.themecenter | 7000000 | 7.0.0.0 | 8.0.0 | samsung/jackpot2ltexx/jackpot2lte:8.0.0/R16NW/A730FXXS4BSC2:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Samsung Affected product: Product=A8+, Version=samsung/jackpot2ltexx/jackpot2lte:8.0.0/R16NW/A730FXXS4BSC2:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.samsung.android.themecenter having a version name of 7.0.0.0 and version code of 7000000. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Samsung A8+ Android device with a build fingerprint of samsung/jackpot2ltexx/jackpot2lte:8.0.0/R16NW/A730FXXS4BSC2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. |
CVE-2019-15437 | App Installation | Samsung | XCover4 | Exploitable by system or signature app | com.samsung.android.themecenter | 7000100 | 7.0.1.0 | 8.1.0 | samsung/xcover4ltexx/xcover4lte:8.1.0/M1AJQ/G390FXXU3BSA2:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Samsung Affected product: Product=XCover4, Version=samsung/xcover4ltexx/xcover4lte:8.1.0/M1AJQ/G390FXXU3BSA2:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.samsung.android.themecenter having a version name of 7.0.1.0 and version code of 7000100. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Samsung XCover4 Android device with a build fingerprint of samsung/xcover4ltexx/xcover4lte:8.1.0/M1AJQ/G390FXXU3BSA2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. |
CVE-2019-15438 | App Installation | Samsung | XCover4 | Exploitable by system or signature app | com.samsung.android.themecenter | 7000100 | 7.0.1.0 | 8.1.0 | samsung/xcover4ltedo/xcover4lte:8.1.0/M1AJQ/G390YDXU2BSA1:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Samsung Affected product: Product=XCover4, Version=samsung/xcover4ltedo/xcover4lte:8.1.0/M1AJQ/G390YDXU2BSA1:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.samsung.android.themecenter having a version name of 7.0.1.0 and version code of 7000100. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Samsung XCover4 Android device with a build fingerprint of samsung/xcover4ltedo/xcover4lte:8.1.0/M1AJQ/G390YDXU2BSA1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. |
CVE-2019-15439 | App Installation | Samsung | XCover4 | Exploitable by system or signature app | com.samsung.android.themecenter | 7000100 | 7.0.1.0 | 8.1.0 | samsung/xcover4ltedo/xcover4lte:8.1.0/M1AJQ/G390YDXU2BSA1:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Samsung Affected product: Product=XCover4, Version=samsung/xcover4ltedo/xcover4lte:8.1.0/M1AJQ/G390YDXU2BSA1:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.samsung.android.themecenter having a version name of 7.0.1.0 and version code of 7000100. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Samsung XCover4 Android device with a build fingerprint of samsung/xcover4ltedo/xcover4lte:8.1.0/M1AJQ/G390YDXU2BSA1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. |
CVE-2019-15440 | App Installation | Samsung | J5 | Exploitable by system or signature app | com.samsung.android.themecenter | 6010000 | 6.1.0.0 | 8.0.0 | samsung/on5xeltedx/on5xelte:8.0.0/R16NW/G570YDXU2CRL1:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Samsung Affected product: Product=J5, Version=samsung/on5xeltedx/on5xelte:8.0.0/R16NW/G570YDXU2CRL1:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.samsung.android.themecenter having a version name of 6.1.0.0 and version code of 6010000. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Samsung J5 Android device with a build fingerprint of samsung/on5xeltedx/on5xelte:8.0.0/R16NW/G570YDXU2CRL1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=6010000, versionName=6.1.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. |
CVE-2019-15441 | App Installation | Samsung | on7xeltelgt | Exploitable by system or signature app | com.samsung.android.themecenter | 7000100 | 7.0.1.0 | 8.1.0 | samsung/on7xeltelgt/on7xeltelgt:8.1.0/M1AJQ/G610LKLU2CSB1:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Samsung Affected product: Product=on7xeltelgt, Version=samsung/on7xeltelgt/on7xeltelgt:8.1.0/M1AJQ/G610LKLU2CSB1:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.samsung.android.themecenter having a version name of 7.0.1.0 and version code of 7000100. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Samsung on7xeltelgt Android device with a build fingerprint of samsung/on7xeltelgt/on7xeltelgt:8.1.0/M1AJQ/G610LKLU2CSB1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. |
CVE-2019-15442 | App Installation | Samsung | on7xelteskt | Exploitable by system or signature app | com.samsung.android.themecenter | 7000100 | 7.0.1.0 | 8.1.0 | samsung/on7xelteskt/on7xelteskt:8.1.0/M1AJQ/G610SKSU2CSB1:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Samsung Affected product: Product=on7xelteskt, Version=samsung/on7xelteskt/on7xelteskt:8.1.0/M1AJQ/G610SKSU2CSB1:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.samsung.android.themecenter having a version name of 7.0.1.0 and version code of 7000100. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Samsung on7xelteskt Android device with a build fingerprint of samsung/on7xelteskt/on7xelteskt:8.1.0/M1AJQ/G610SKSU2CSB1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. |
CVE-2019-15443 | App Installation | Samsung | J7 Max | Exploitable by system or signature app | com.samsung.android.themecenter | 7000100 | 7.0.1.0 | 8.1.0 | samsung/j7maxlteins/j7maxlte:8.1.0/M1AJQ/G615FXXU2BSB1:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Samsung Affected product: Product=J7 Max, Version=samsung/j7maxlteins/j7maxlte:8.1.0/M1AJQ/G615FXXU2BSB1:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.samsung.android.themecenter having a version name of 7.0.1.0 and version code of 7000100. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Samsung J7 Max Android device with a build fingerprint of samsung/j7maxlteins/j7maxlte:8.1.0/M1AJQ/G615FXXU2BSB1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. |
CVE-2019-15444 | App Installation | Samsung | S7 | Exploitable by system or signature app | com.samsung.android.themecenter | 7000000 | 7.0.0.0 | 8.0.0 | samsung/heroltexx/herolte:8.0.0/R16NW/G930FXXS4ESC3:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Samsung Affected product: Product=S7, Version=samsung/heroltexx/herolte:8.0.0/R16NW/G930FXXS4ESC3:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.samsung.android.themecenter having a version name of 7.0.0.0 and version code of 7000000. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Samsung S7 Android device with a build fingerprint of samsung/heroltexx/herolte:8.0.0/R16NW/G930FXXS4ESC3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. |
CVE-2019-15445 | App Installation | Samsung | S7 | Exploitable by system or signature app | com.samsung.android.themecenter | 7000000 | 7.0.0.0 | 8.0.0 | samsung/heroltexx/herolte:8.0.0/R16NW/G930FXXS4ESC3:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Samsung Affected product: Product=S7, Version=samsung/heroltexx/herolte:8.0.0/R16NW/G930FXXS4ESC3:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.samsung.android.themecenter having a version name of 7.0.0.0 and version code of 7000000. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Samsung S7 Android device with a build fingerprint of samsung/heroltexx/herolte:8.0.0/R16NW/G930FXXS4ESC3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. |
CVE-2019-15446 | App Installation | Samsung | S7 | Exploitable by system or signature app | com.samsung.android.themecenter | 7000000 | 7.0.0.0 | 8.0.0 | samsung/heroltexx/herolte:8.0.0/R16NW/G930FXXU3ESAC:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Samsung Affected product: Product=S7, Version=samsung/heroltexx/herolte:8.0.0/R16NW/G930FXXU3ESAC:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.samsung.android.themecenter having a version name of 7.0.0.0 and version code of 7000000. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Samsung S7 Android device with a build fingerprint of samsung/heroltexx/herolte:8.0.0/R16NW/G930FXXU3ESAC:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. |
CVE-2019-15447 | App Installation | Samsung | S7 Edge | Exploitable by system or signature app | com.samsung.android.themecenter | 7000000 | 7.0.0.0 | 8.0.0 | samsung/hero2ltexx/hero2lte:8.0.0/R16NW/G935FXXS4ESC3:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Samsung Affected product: Product=S7 Edge, Version=samsung/hero2ltexx/hero2lte:8.0.0/R16NW/G935FXXS4ESC3:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.samsung.android.themecenter having a version name of 7.0.0.0 and version code of 7000000. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Samsung S7 Edge Android device with a build fingerprint of samsung/hero2ltexx/hero2lte:8.0.0/R16NW/G935FXXS4ESC3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. |
CVE-2019-15448 | App Installation | Samsung | S7 Edge | Exploitable by system or signature app | com.samsung.android.themecenter | 7000000 | 7.0.0.0 | 8.0.0 | samsung/hero2ltexx/hero2lte:8.0.0/R16NW/G935FXXS4ESC3:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Samsung Affected product: Product=S7 Edge, Version=samsung/hero2ltexx/hero2lte:8.0.0/R16NW/G935FXXS4ESC3:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.samsung.android.themecenter having a version name of 7.0.0.0 and version code of 7000000. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Samsung S7 Edge Android device with a build fingerprint of samsung/hero2ltexx/hero2lte:8.0.0/R16NW/G935FXXS4ESC3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. |
CVE-2019-15449 | App Installation | Samsung | S7 Edge | Exploitable by system or signature app | com.samsung.android.themecenter | 7000000 | 7.0.0.0 | 8.0.0 | samsung/hero2ltexx/hero2lte:8.0.0/R16NW/G935FXXS4ESC3:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Samsung Affected product: Product=S7 Edge, Version=samsung/hero2ltexx/hero2lte:8.0.0/R16NW/G935FXXS4ESC3:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.samsung.android.themecenter having a version name of 7.0.0.0 and version code of 7000000. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Samsung S7 Edge Android device with a build fingerprint of samsung/hero2ltexx/hero2lte:8.0.0/R16NW/G935FXXS4ESC3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. |
CVE-2019-15450 | App Installation | Samsung | j3popeltecan | Exploitable by system or signature app | com.samsung.android.themecenter | 7000100 | 7.0.1.0 | 8.1.0 | samsung/j3popeltevl/j3popeltecan:8.1.0/M1AJQ/J327WVLS3BSA2:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Samsung Affected product: Product=j3popeltecan, Version=samsung/j3popeltevl/j3popeltecan:8.1.0/M1AJQ/J327WVLS3BSA2:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.samsung.android.themecenter having a version name of 7.0.1.0 and version code of 7000100. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Samsung j3popeltecan Android device with a build fingerprint of samsung/j3popeltevl/j3popeltecan:8.1.0/M1AJQ/J327WVLS3BSA2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. |
CVE-2019-15451 | App Installation | Samsung | J3 | Exploitable by system or signature app | com.samsung.android.themecenter | 6010000 | 6.1.0.0 | 8.0.0 | samsung/j3y17ltedx/j3y17lte:8.0.0/R16NW/J330GDXS3BSC1:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Samsung Affected product: Product=J3, Version=samsung/j3y17ltedx/j3y17lte:8.0.0/R16NW/J330GDXS3BSC1:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.samsung.android.themecenter having a version name of 6.1.0.0 and version code of 6010000. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Samsung J3 Android device with a build fingerprint of samsung/j3y17ltedx/j3y17lte:8.0.0/R16NW/J330GDXS3BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=6010000, versionName=6.1.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. |
CVE-2019-15452 | App Installation | Samsung | J3 | Exploitable by system or signature app | com.samsung.android.themecenter | 6010000 | 6.1.0.0 | 8.0.0 | samsung/j3y17ltedx/j3y17lte:8.0.0/R16NW/J330GDXS3BSC1:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Samsung Affected product: Product=J3, Version=samsung/j3y17ltedx/j3y17lte:8.0.0/R16NW/J330GDXS3BSC1:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.samsung.android.themecenter having a version name of 6.1.0.0 and version code of 6010000. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Samsung J3 Android device with a build fingerprint of samsung/j3y17ltedx/j3y17lte:8.0.0/R16NW/J330GDXS3BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=6010000, versionName=6.1.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. |
CVE-2019-15453 | App Installation | Samsung | J4 | Exploitable by system or signature app | com.samsung.android.themecenter | 7000000 | 7.0.0.0 | 8.0.0 | samsung/j4lteub/j4lte:8.0.0/R16NW/J400MUBS2ASC2:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Samsung Affected product: Product=J4, Version=samsung/j4lteub/j4lte:8.0.0/R16NW/J400MUBS2ASC2:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.samsung.android.themecenter having a version name of 7.0.0.0 and version code of 7000000. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Samsung J4 Android device with a build fingerprint of samsung/j4lteub/j4lte:8.0.0/R16NW/J400MUBS2ASC2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. |
CVE-2019-15454 | App Installation | Samsung | J4 | Exploitable by system or signature app | com.samsung.android.themecenter | 7000000 | 7.0.0.0 | 8.0.0 | samsung/j4lteub/j4lte:8.0.0/R16NW/J400MUBU2ARL4:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Samsung Affected product: Product=J4, Version=samsung/j4lteub/j4lte:8.0.0/R16NW/J400MUBU2ARL4:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.samsung.android.themecenter having a version name of 7.0.0.0 and version code of 7000000. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Samsung J4 Android device with a build fingerprint of samsung/j4lteub/j4lte:8.0.0/R16NW/J400MUBU2ARL4:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. |
CVE-2019-15455 | App Installation | Samsung | J5 | Exploitable by system or signature app | com.samsung.android.themecenter | 7000100 | 7.0.1.0 | 8.1.0 | samsung/j5y17ltexx/j5y17lte:8.1.0/M1AJQ/J530FXXU3BRL1:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Samsung Affected product: Product=J5, Version=samsung/j5y17ltexx/j5y17lte:8.1.0/M1AJQ/J530FXXU3BRL1:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.samsung.android.themecenter having a version name of 7.0.1.0 and version code of 7000100. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Samsung J5 Android device with a build fingerprint of samsung/j5y17ltexx/j5y17lte:8.1.0/M1AJQ/J530FXXU3BRL1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. |
CVE-2019-15456 | App Installation | Samsung | J6 | Exploitable by system or signature app | com.samsung.android.themecenter | 7000000 | 7.0.0.0 | 8.0.0 | samsung/j6ltexx/j6lte:8.0.0/R16NW/J600FNXXU3ASC1:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Samsung Affected product: Product=J6, Version=samsung/j6ltexx/j6lte:8.0.0/R16NW/J600FNXXU3ASC1:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.samsung.android.themecenter having a version name of 7.0.0.0 and version code of 7000000. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Samsung J6 Android device with a build fingerprint of samsung/j6ltexx/j6lte:8.0.0/R16NW/J600FNXXU3ASC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. |
CVE-2019-15457 | App Installation | Samsung | J6 | Exploitable by system or signature app | com.samsung.android.themecenter | 7000000 | 7.0.0.0 | 8.0.0 | samsung/j6ltexx/j6lte:8.0.0/R16NW/J600FNXXU3ASC1:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Samsung Affected product: Product=J6, Version=samsung/j6ltexx/j6lte:8.0.0/R16NW/J600FNXXU3ASC1:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.samsung.android.themecenter having a version name of 7.0.0.0 and version code of 7000000. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Samsung J6 Android device with a build fingerprint of samsung/j6ltexx/j6lte:8.0.0/R16NW/J600FNXXU3ASC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. |
CVE-2019-15458 | App Installation | Samsung | J7 Neo | Exploitable by system or signature app | com.samsung.android.themecenter | 7000100 | 7.0.1.0 | 8.1.0 | samsung/j7veltedx/j7velte:8.1.0/M1AJQ/J701FXXS6BSC1:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Samsung Affected product: Product=J7 Neo, Version=samsung/j7veltedx/j7velte:8.1.0/M1AJQ/J701FXXS6BSC1:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.samsung.android.themecenter having a version name of 7.0.1.0 and version code of 7000100. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Samsung J7 Neo Android device with a build fingerprint of samsung/j7veltedx/j7velte:8.1.0/M1AJQ/J701FXXS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. |
CVE-2019-15459 | App Installation | Samsung | J7 Neo | Exploitable by system or signature app | com.samsung.android.themecenter | 7000100 | 7.0.1.0 | 8.1.0 | samsung/j7velteub/j7velte:8.1.0/M1AJQ/J701MUBS6BSB3:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Samsung Affected product: Product=J7 Neo, Version=samsung/j7velteub/j7velte:8.1.0/M1AJQ/J701MUBS6BSB3:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.samsung.android.themecenter having a version name of 7.0.1.0 and version code of 7000100. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Samsung J7 Neo Android device with a build fingerprint of samsung/j7velteub/j7velte:8.1.0/M1AJQ/J701MUBS6BSB3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. |
CVE-2019-15460 | App Installation | Samsung | J7 Neo | Exploitable by system or signature app | com.samsung.android.themecenter | 7000100 | 7.0.1.0 | 8.1.0 | samsung/j7veltedx/j7velte:8.1.0/M1AJQ/J701FXVS6BSC1:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Samsung Affected product: Product=J7 Neo, Version=samsung/j7veltedx/j7velte:8.1.0/M1AJQ/J701FXVS6BSC1:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.samsung.android.themecenter having a version name of 7.0.1.0 and version code of 7000100. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Samsung J7 Neo Android device with a build fingerprint of samsung/j7veltedx/j7velte:8.1.0/M1AJQ/J701FXVS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. |
CVE-2019-15461 | App Installation | Samsung | J7 Neo | Exploitable by system or signature app | com.samsung.android.themecenter | 7000100 | 7.0.1.0 | 8.1.0 | samsung/j7velteub/j7velte:8.1.0/M1AJQ/J701MUBS6BSB4:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Samsung Affected product: Product=J7 Neo, Version=samsung/j7velteub/j7velte:8.1.0/M1AJQ/J701MUBS6BSB4:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.samsung.android.themecenter having a version name of 7.0.1.0 and version code of 7000100. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Samsung J7 Neo Android device with a build fingerprint of samsung/j7velteub/j7velte:8.1.0/M1AJQ/J701MUBS6BSB4:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. |
CVE-2019-15462 | App Installation | Samsung | J7 Duo | Exploitable by system or signature app | com.samsung.android.themecenter | 7000000 | 7.0.0.0 | 8.0.0 | samsung/j7duolteub/j7duolte:8.0.0/R16NW/J720MUBS3ASB2:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Samsung Affected product: Product=J7 Duo, Version=samsung/j7duolteub/j7duolte:8.0.0/R16NW/J720MUBS3ASB2:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.samsung.android.themecenter having a version name of 7.0.0.0 and version code of 7000000. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Samsung J7 Duo Android device with a build fingerprint of samsung/j7duolteub/j7duolte:8.0.0/R16NW/J720MUBS3ASB2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. |
CVE-2019-15463 | App Installation | Samsung | j7popeltemtr | Exploitable by system or signature app | com.samsung.android.themecenter | 7000100 | 7.0.1.0 | 8.1.0 | samsung/j7popeltemtr/j7popeltemtr:8.1.0/M1AJQ/J727T1UVS5BSC2:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Samsung Affected product: Product=j7popeltemtr, Version=samsung/j7popeltemtr/j7popeltemtr:8.1.0/M1AJQ/J727T1UVS5BSC2:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.samsung.android.themecenter having a version name of 7.0.1.0 and version code of 7000100. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Samsung j7popeltemtr Android device with a build fingerprint of samsung/j7popeltemtr/j7popeltemtr:8.1.0/M1AJQ/J727T1UVS5BSC2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. |
CVE-2019-15464 | App Installation | Samsung | J7 Pro | Exploitable by system or signature app | com.samsung.android.themecenter | 7000100 | 7.0.1.0 | 8.1.0 | samsung/j7y17lteub/j7y17lte:8.1.0/M1AJQ/J730GUBS6BSC1:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Samsung Affected product: Product=J7 Pro, Version=samsung/j7y17lteub/j7y17lte:8.1.0/M1AJQ/J730GUBS6BSC1:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.samsung.android.themecenter having a version name of 7.0.1.0 and version code of 7000100. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Samsung J7 Pro Android device with a build fingerprint of samsung/j7y17lteub/j7y17lte:8.1.0/M1AJQ/J730GUBS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. |
CVE-2019-15465 | App Installation | Samsung | J7 Pro | Exploitable by system or signature app | com.samsung.android.themecenter | 7000100 | 7.0.1.0 | 8.1.0 | samsung/j7y17lteubm/j7y17lte:8.1.0/M1AJQ/J730GMUBS6BSC1:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Samsung Affected product: Product=J7 Pro, Version=samsung/j7y17lteubm/j7y17lte:8.1.0/M1AJQ/J730GMUBS6BSC1:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.samsung.android.themecenter having a version name of 7.0.1.0 and version code of 7000100. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Samsung J7 Pro Android device with a build fingerprint of samsung/j7y17lteubm/j7y17lte:8.1.0/M1AJQ/J730GMUBS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. |
CVE-2019-15416 | App Installation | Sony | keyaki_kddi | Exploitable by system or signature app | com.kddi.android.packageinstaller | 70008 | 08.10.03 | 7.1.1 | Sony/keyaki_kddi/keyaki_kddi:7.1.1/TONE3-3.0.0-KDDI-170517-0326/1:user/dev-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Sony Affected product: Product=keyaki_kddi, Version=Sony/keyaki_kddi/keyaki_kddi:7.1.1/TONE3-3.0.0-KDDI-170517-0326/1:user/dev-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.kddi.android.packageinstaller having a version name of 08.10.03 and version code of 70008. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Sony keyaki_kddi Android device with a build fingerprint of Sony/keyaki_kddi/keyaki_kddi:7.1.1/TONE3-3.0.0-KDDI-170517-0326/1:user/dev-keys contains a pre-installed app with a package name of com.kddi.android.packageinstaller app (versionCode=70008, versionName=08.10.03) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. |
CVE-2019-15743 | Audio Recording | Sony | Xperia Touch | Exploitable by local app | com.sonymobile.android.maintenancetool.testmic | 24 | 7.0 | 7 | Sony/blanc_windy/blanc_windy:7.0/LOIRE-SMART-BLANC-1.0.0-170530-0834/1:user/dev-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Sony Affected product: Product=Xperia Touch, Version=Sony/blanc_windy/blanc_windy:7.0/LOIRE-SMART-BLANC-1.0.0-170530-0834/1:user/dev-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.sonymobile.android.maintenancetool.testmic having a version name of 7.0 and version code of 24. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.sonymobile.android.maintenancetool.testmic to obtain a capability that would otherwise require a permission. Description: The Sony Xperia Touch Android device with a build fingerprint of Sony/blanc_windy/blanc_windy:7.0/LOIRE-SMART-BLANC-1.0.0-170530-0834/1:user/dev-keys contains a pre-installed app with a package name of com.sonymobile.android.maintenancetool.testmic app (versionCode=24, versionName=7.0) that allows unauthorized microphone audio recording via a confused deputy attack. This capability can be accessed by any app co-located on the device. This app allows a third-party app to use its open interface to record audio to external storage. |
CVE-2019-15744 | Wireless Settings Modification | Sony | Xperia XZs | Exploitable by local app | jp.softbank.mb.tdrl | 1413005 | 1.3.0 | 7.1.1 | Sony/keyaki_softbank/keyaki_softbank:7.1.1/TONE3-3.0.0-SOFTBANK-170517-0323/1:user/dev-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Sony Affected product: Product=Xperia XZs, Version=Sony/keyaki_softbank/keyaki_softbank:7.1.1/TONE3-3.0.0-SOFTBANK-170517-0323/1:user/dev-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of jp.softbank.mb.tdrl having a version name of 1.3.0 and version code of 1413005. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of jp.softbank.mb.tdrl to obtain a capability that would otherwise require a permission. Description: The Sony Xperia XZs Android device with a build fingerprint of Sony/keyaki_softbank/keyaki_softbank:7.1.1/TONE3-3.0.0-SOFTBANK-170517-0323/1:user/dev-keys contains a pre-installed app with a package name of jp.softbank.mb.tdrl app (versionCode=1413005, versionName=1.3.0) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. |
CVE-2019-15371 | System Properties Modification | Symphony | G100 | Exploitable by local app | com.mediatek.wfo.impl | 27 | 8.1.0 | 8.0.0 | Symphony/G100/G100:8.1.0/O11019/1530618779:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Symphony Affected product: Product=Symphony G100, Version=Symphony/G100/G100:8.1.0/O11019/1530618779:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.mediatek.wfo.impl with a version name of 8.1.0 and version code of 27. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.mediatek.wfo.impl to obtain a capability that a third-party app cannot directly be granted. Description: The Symphony G100 Android device with a build fingerprint of Symphony/G100/G100:8.1.0/O11019/1530618779:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. |
CVE-2019-15373 | System Properties Modification | Symphony | i95 | Exploitable by local app | com.mediatek.wfo.impl | 27 | 8.1.0 | 8.0.0 | Symphony/i95/i95:8.1.0/O11019/1536929227:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Symphony Affected product: Product=Symphony i95, Version=Symphony/i95/i95:8.1.0/O11019/1536929227:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.mediatek.wfo.impl with a version name of 8.1.0 and version code of 27. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.mediatek.wfo.impl to obtain a capability that a third-party app cannot directly be granted. Description: The Symphony i95 Lite Android device with a build fingerprint of Symphony/i95/i95:8.1.0/O11019/1536929227:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. |
CVE-2019-15341 | Dynamic Code Loading | Tecno | Camon iAir 2 Plus | Exploitable by local app | com.lovelyfont.defcontainer | 7 | 7.0.11 | 8.0.0 | TECNO/H622/TECNO-ID3k:8.1.0/O11019/E-180914V83:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Tecno Affected product: Product=Tecno Camon iAir 2 Plus, Version=TECNO/H622/TECNO-ID3k:8.1.0/O11019/E-180914V83:user/release-keys Attack type: Local Impact: Escalation of Privileges, Code Execution Affected component: A pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11) containing an exported service app component named com.lovelyfont.manager.service.FunctionService. Attack vector: The attack vector is a third-party app co-located on the device that does not require any permissions and interacts with an exported service app component of an app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). The malicious app can reach the device via app repackaging, phishing, trojanized app, or remote exploit. By leveraging an open interface of the com.lovelyfont.defcontainer app, the malicious app can utilize a capability that is not directly available to third-party apps (i.e., providing the path to a Dalvik Executable (DEX) file that will be dynamically loaded and executed by a process executing as the system user). The attack app is a malicious app without malicious permissions. Description: The Tecno Camon iAir 2 Plus Android device with a build fingerprint of TECNO/H622/TECNO-ID3k:8.1.0/O11019/E-180914V83:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.service.FunctionService that allows any app co-located on the device to supply the file path to a Dalvik Executable (DEX) file which it will dynamically load within its own process and execute with its own system privileges. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user’s screen, factory reset the device, obtain the user’s notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtain the user’s text messages, and more. Executing code as the system user can allow a third-party app to factory reset the device, obtain the user’s Wi-Fi passwords, obtain the user’s notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtain the user’s text messages, and more. |
CVE-2019-15342 | Command Execution | Tecno | Camon iAir 2 Plus | Exploitable by local app | com.lovelyfont.defcontainer | 7 | 7.0.11 | 8.0.0 | TECNO/H622/TECNO-ID3k:8.1.0/O11019/E-180914V83:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Tecno Affected product: Product=Tecno Camon iAir 2 Plus, Version=TECNO/H622/TECNO-ID3k:8.1.0/O11019/E-180914V83:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: A pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11) containing an exported service app component named com.lovelyfont.manager.service.FunctionService. Attack vector: The attack vector is a third-party app co-located on the device that does not require any permissions and interacts with an exported service app component of an app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). The malicious app can reach the device via app repackaging, phishing, trojanized app, or remote exploit. By leveraging an open interface of the com.lovelyfont.defcontainer app, the malicious app can utilize a capability that is not directly available to third-party apps (i.e., executing arbitrary commands as the system user via an unprotected app component of a platform app). The attacker first interacts with the component to provide a path to a shell script and then can select a keyword which, when it appears in the logcat log, will then execute the shell script. The attack app is a malicious app without malicious permissions. Description: The Tecno Camon iAir 2 Plus Android device with a build fingerprint of TECNO/H622/TECNO-ID3k:8.1.0/O11019/E-180914V83:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands via shell script to be executed as the system user that are triggered by writing an attacker-selected message to the logcat log. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user’s screen, factory reset the device, obtain the user’s notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtain the user’s text messages, and more. Executing commands as the system user can allow a third-party app to factory reset the device, obtain the user’s notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtain the user’s text messages, and more. |
CVE-2019-15343 | Command Execution | Tecno | Camon iClick | Exploitable by local app | com.lovelyfont.defcontainer | 7 | 7.0.8 | 8.0.0 | TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Tecno Affected product: Product=Tecno Camon iClick, Version=TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: A pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8) containing an exported service app component named com.lovelyfont.manager.service.FunctionService. Attack vector: The attack vector is a third-party app co-located on the device that does not require any permissions and interacts with an exported service app component of an app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8). The malicious app can reach the device via app repackaging, phishing, trojanized app, or remote exploit. By leveraging an open interface of the com.lovelyfont.defcontainer app, the malicious app can utilize a capability that is not directly available to third-party apps (i.e., executing arbitrary commands as the system user via an unprotected app component of a platform app). The attacker first interacts with the component to provide a path to a shell script and then can select a keyword which, when it appears in the logcat log, will then execute the shell script. The attack app is a malicious app without malicious permissions. Description: The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands via shell script to be executed as the system user that are triggered by writing an attacker-selected message to the logcat log. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user’s screen, factory reset the device, obtain the user’s notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtain the user’s text messages, and more. Executing commands as the system user can allow a third-party app to factory reset the device, obtain the user’s notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtain the user’s text messages, and more. |
CVE-2019-15344 | Command Execution | Tecno | Camon iClick | Exploitable by local app | com.lovelyfont.defcontainer | 7 | 7.0.8 | 8.0.0 | TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Tecno Affected product: Product=Tecno Camon iClick, Version=TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys Attack type: Context-Dependent Impact: Escalation of Privileges Affected component: A pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8) containing an exported service app component named com.lovelyfont.manager.FontCoverService. Attack vector: The attack vector is a third-party app co-located on the device that does not require any permissions and interacts with an exported service app component of an app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8). The malicious app can reach the device via app repackaging, phishing, trojanized app, or remote exploit. By leveraging an open interface of the com.lovelyfont.defcontainer app, the malicious app can utilize a capability that is not directly available to third-party apps (i.e., executing arbitrary commands as the system user via an unprotected app component of a platform app). The attack app is a malicious app without malicious permissions. In addition to the local attack surface, its accompanying app with a package name of com.ekesoo.lovelyhifonts makes network requests using HTTP and an attacker can perform a Man-in-the-Middle (MITM) attack on the connection to inject a command in a network response that will be executed as the system user by the com.lovelyfont.defcontainer app. Description: The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands to be executed as the system user. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. In addition to the local attack surface, its accompanying app with a package name of com.ekesoo.lovelyhifonts makes network requests using HTTP and an attacker can perform a Man-in-the-Middle (MITM) attack on the connection to inject a command in a network response that will be executed as the system user by the com.lovelyfont.defcontainer app. Executing commands as the system user can allow a third-party app to video record the user’s screen, factory reset the device, obtain the user’s notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtain the user’s text messages, and more. Executing commands as the system user can allow a third-party app to factory reset the device, obtain the user’s notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtain the user’s text messages, and more. |
CVE-2019-15345 | Dynamic Code Loading | Tecno | Camon iClick | Exploitable by local app | com.lovelyfont.defcontainer | 7 | 7.0.8 | 8.0.0 | TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Tecno Affected product: Product=Tecno Camon iClick, Version=TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys Attack type: Local Impact: Escalation of Privileges, Code Execution Affected component: A pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8) containing an exported service app component named com.lovelyfont.manager.service.FunctionService. Attack vector: The attack vector is a third-party app co-located on the device that does not require any permissions and interacts with an exported service app component of an app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8). The malicious app can reach the device via app repackaging, phishing, trojanized app, or remote exploit. By leveraging an open interface of the com.lovelyfont.defcontainer app, the malicious app can utilize a capability that is not directly available to third-party apps (i.e., providing the path to a Dalvik Executable (DEX) file that will be dynamically loaded and executed by a process executing as the system user). The attack app is a malicious app without malicious permissions. Description: The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8). This app contains an exported service named com.lovelyfont.manager.service.FunctionService that allows any app co-located on the device to supply the file path to a Dalvik Executable (DEX) file which it will dynamically load within its own process and execute with its own system privileges. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user’s screen, factory reset the device, obtain the user’s notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtain the user’s text messages, and more. Executing code as the system user can allow a third-party app to factory reset the device, obtain the user’s Wi-Fi passwords, obtain the user’s notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtain the user’s text messages, and more. |
CVE-2019-15346 | Dynamic Code Loading | Tecno | Camon iClick 2 | Exploitable by local app | com.lovelyfont.defcontainer | 7 | 7.0.11 | 8.0.0 | TECNO/H622/TECNO-ID6:8.1.0/O11019/F-180824V116:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Tecno Affected product: Product=Tecno Camon iClick 2, Version=TECNO/H622/TECNO-ID6:8.1.0/O11019/F-180824V116:user/release-keys Attack type: Local Impact: Escalation of Privileges, Code Execution Affected component: A pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11) containing an exported service app component named com.lovelyfont.manager.service.FunctionService. Attack vector: The attack vector is a third-party app co-located on the device that does not require any permissions and interacts with an exported service app component of an app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). The malicious app can reach the device via app repackaging, phishing, trojanized app, or remote exploit. By leveraging an open interface of the com.lovelyfont.defcontainer app, the malicious app can utilize a capability that is not directly available to third-party apps (i.e., providing the path to a Dalvik Executable (DEX) file that will be dynamically loaded and executed by a process executing as the system user). The attack app is a malicious app without malicious permissions. Description: The Tecno Camon iClick 2 Android device with a build fingerprint of TECNO/H622/TECNO-ID6:8.1.0/O11019/F-180824V116:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.service.FunctionService that allows any app co-located on the device to supply the file path to a Dalvik Executable (DEX) file which it will dynamically load within its own process and execute with its own system privileges. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user’s screen, factory reset the device, obtain the user’s notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtain the user’s text messages, and more. Executing code as the system user can allow a third-party app to factory reset the device, obtain the user’s Wi-Fi passwords, obtain the user’s notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtain the user’s text messages, and more. |
CVE-2019-15347 | Command Execution | Tecno | Camon iClick 2 | Exploitable by local app | com.lovelyfont.defcontainer | 7 | 7.0.11 | 8.0.0 | TECNO/H622/TECNO-ID6:8.1.0/O11019/F-180824V116:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Tecno Affected product: Product=Tecno Camon iClick 2, Version=TECNO/H622/TECNO-ID6:8.1.0/O11019/F-180824V116:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: A pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11) containing an exported service app component named com.lovelyfont.manager.service.FunctionService. Attack vector: The attack vector is a third-party app co-located on the device that does not require any permissions and interacts with an exported service app component of an app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). The malicious app can reach the device via app repackaging, phishing, trojanized app, or remote exploit. By leveraging an open interface of the com.lovelyfont.defcontainer app, the malicious app can utilize a capability that is not directly available to third-party apps (i.e., executing arbitrary commands as the system user via an unprotected app component of a platform app). The attacker first interacts with the component to provide a path to a shell script and then can select a keyword which, when it appears in the logcat log, will then execute the shell script. The attack app is a malicious app without malicious permissions. Description: The Tecno Camon iClick 2 Android device with a build fingerprint of TECNO/H622/TECNO-ID6:8.1.0/O11019/F-180824V116:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands via shell script to be executed as the system user that are triggered by writing an attacker-selected message to the logcat log. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user’s screen, factory reset the device, obtain the user’s notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtain the user’s text messages, and more. Executing commands as the system user can allow a third-party app to factory reset the device, obtain the user’s notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtain the user’s text messages, and more. |
CVE-2019-15348 | Command Execution | Tecno | Camon | Exploitable by local app | com.lovelyfont.defcontainer | 7 | 7.0.11 | 8.0.0 | TECNO/H612/TECNO-ID5a:8.1.0/O11019/F-180828V106:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Tecno Affected product: Product=Tecno Camon, Version=TECNO/H612/TECNO-ID5a:8.1.0/O11019/F-180828V106:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: A pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11) containing an exported service app component named com.lovelyfont.manager.service.FunctionService. Attack vector: The attack vector is a third-party app co-located on the device that does not require any permissions and interacts with an exported service app component of an app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). The malicious app can reach the device via app repackaging, phishing, trojanized app, or remote exploit. By leveraging an open interface of the com.lovelyfont.defcontainer app, the malicious app can utilize a capability that is not directly available to third-party apps (i.e., executing arbitrary commands as the system user via an unprotected app component of a platform app). The attacker first interacts with the component to provide a path to a shell script and then can select a keyword which, when it appears in the logcat log, will then execute the shell script. The attack app is a malicious app without malicious permissions. Description: The Tecno Camon Android device with a build fingerprint of TECNO/H612/TECNO-ID5a:8.1.0/O11019/F-180828V106:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands via shell script to be executed as the system user that are triggered by writing an attacker-selected message to the logcat log. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user’s screen, factory reset the device, obtain the user’s notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtain the user’s text messages, and more. Executing commands as the system user can allow a third-party app to factory reset the device, obtain the user’s notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtain the user’s text messages, and more. |
CVE-2019-15349 | Dynamic Code Loading | Tecno | Camon | Exploitable by local app | com.lovelyfont.defcontainer | 7 | 7.0.11 | 8.0.0 | TECNO/H612/TECNO-ID5a:8.1.0/O11019/F-180828V106:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Tecno Affected product: Product=Tecno Camon, Version=TECNO/H612/TECNO-ID5a:8.1.0/O11019/F-180828V106:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: A pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11) containing an exported service app component named com.lovelyfont.manager.service.FunctionService. Attack vector: The attack vector is a third-party app co-located on the device that does not require any permissions and interacts with an exported service app component of an app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). The malicious app can reach the device via app repackaging, phishing, trojanized app, or remote exploit. By leveraging an open interface of the com.lovelyfont.defcontainer app, the malicious app can utilize a capability that is not directly available to third-party apps (i.e., providing the path to a Dalvik Executable (DEX) file that will be dynamically loaded and executed by a process executing as the system user). The attack app is a malicious app without malicious permissions. Description: The Tecno Camon Android device with a build fingerprint of TECNO/H612/TECNO-ID5a:8.1.0/O11019/F-180828V106:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.service.FunctionService that allows any app co-located on the device to supply the file path to a Dalvik Executable (DEX) file which it will dynamically load within its own process and execute with its own system privileges. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user’s screen, factory reset the device, obtain the user’s notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtain the user’s text messages, and more. Executing code as the system user can allow a third-party app to factory reset the device, obtain the user’s Wi-Fi passwords, obtain the user’s notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtain the user’s text messages, and more. |
CVE-2019-15350 | Dynamic Code Loading | Tecno | Camon | Exploitable by local app | com.lovelyfont.defcontainer | 7 | 7.0.11 | 8.0.0 | TECNO/H622/TECNO-ID5b:8.1.0/O11019/G-180829V31:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Tecno Affected product: Product=Tecno Camon, Version=TECNO/H622/TECNO-ID5b:8.1.0/O11019/G-180829V31:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: A pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11) containing an exported service app component named com.lovelyfont.manager.service.FunctionService. Attack vector: The attack vector is a third-party app co-located on the device that does not require any permissions and interacts with an exported service app component of an app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). The malicious app can reach the device via app repackaging, phishing, trojanized app, or remote exploit. By leveraging an open interface of the com.lovelyfont.defcontainer app, the malicious app can utilize a capability that is not directly available to third-party apps (i.e., providing the path to a Dalvik Executable (DEX) file that will be dynamically loaded and executed by a process executing as the system user). The attack app is a malicious app without malicious permissions. Description: The Tecno Camon Android device with a build fingerprint of TECNO/H622/TECNO-ID5b:8.1.0/O11019/G-180829V31:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.service.FunctionService that allows any app co-located on the device to supply the file path to a Dalvik Executable (DEX) file which it will dynamically load within its own process and execute with its own system privileges. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user’s screen, factory reset the device, obtain the user’s notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtain the user’s text messages, and more. Executing code as the system user can allow a third-party app to factory reset the device, obtain the user’s Wi-Fi passwords, obtain the user’s notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtain the user’s text messages, and more. |
CVE-2019-15351 | Command Execution | Tecno | Camon | Exploitable by local app | com.lovelyfont.defcontainer | 7 | 7.0.11 | 8.0.0 | TECNO/H622/TECNO-ID5b:8.1.0/O11019/G-180829V31:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Tecno Affected product: Product=Tecno Camon, Version=TECNO/H622/TECNO-ID5b:8.1.0/O11019/G-180829V31:user/release-keys Attack type: Local Impact: Escalation of Privileges, Code Execution Affected component: A pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11) containing an exported service app component named com.lovelyfont.manager.service.FunctionService. Attack vector: The attack vector is a third-party app co-located on the device that does not require any permissions and interacts with an exported service app component of an app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). The malicious app can reach the device via app repackaging, phishing, trojanized app, or remote exploit. By leveraging an open interface of the com.lovelyfont.defcontainer app, the malicious app can utilize a capability that is not directly available to third-party apps (i.e., executing arbitrary commands as the system user via an unprotected app component of a platform app). The attacker first interacts with the component to provide a path to a shell script and then can select a keyword which, when it appears in the logcat log, will then execute the shell script. The attack app is a malicious app without malicious permissions. Description: The Tecno Camon Android device with a build fingerprint of TECNO/H622/TECNO-ID5b:8.1.0/O11019/G-180829V31:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands via shell script to be executed as the system user that are triggered by writing an attacker-selected message to the logcat log. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user’s screen, factory reset the device, obtain the user’s notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), obtain the user’s text messages, and more. Executing commands as the system user can allow a third-party app to factory reset the device, obtain the user’s notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, obtain the user’s text messages, and more. |
CVE-2019-15355 | System Properties Modification | Tecno | Camon iClick | Exploitable by local app | com.mediatek.wfo.impl | 27 | 8.1.0 | 8.0.0 | TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Tecno Affected product: Product=Tecno Camon iClick, Version=TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.mediatek.wfo.impl with a version name of 8.1.0 and version code of 27. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.mediatek.wfo.impl to obtain a capability that a third-party app cannot directly be granted. Description: The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. |
CVE-2019-15417 | Dynamic Code Loading | Tecno | Spark Pro | Exploitable by local app | com.lovelyfont.defcontainer | 7 | 7.0.5 | 7 | TECNO/H3722/TECNO-K8:7.0/NRD90M/K8-H3722ABCDE-N-171229V96:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Tecno Affected product: Product=Spark Pro, Version=TECNO/H3722/TECNO-K8:7.0/NRD90M/K8-H3722ABCDE-N-171229V96:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.lovelyfont.defcontainer having a version name of 7.0.5 and version code of 7. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.lovelyfont.defcontainer to obtain a capability that would otherwise require a permission. Description: The Tecno Spark Pro Android device with a build fingerprint of TECNO/H3722/TECNO-K8:7.0/NRD90M/K8-H3722ABCDE-N-171229V96:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app (versionCode=7, versionName=7.0.5) that allows unauthorized dynamic code loading via a confused deputy attack. This capability can be accessed by any app co-located on the device. |
CVE-2019-15354 | System Properties Modification | Ulefone | Armor 5 | Exploitable by local app | com.mediatek.wfo.impl | 27 | 8.1.0 | 8.1 | Ulefone/Ulefone_Armor_5/Ulefone_Armor_5:8.1.0/O11019/1528806701:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Ulefone Affected product: Product=Ulefone Armor 5, Version=Ulefone/Ulefone_Armor_5/Ulefone_Armor_5:8.1.0/O11019/1528806701:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.mediatek.wfo.impl with a version name of 8.1.0 and version code of 27. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.mediatek.wfo.impl to obtain a capability that a third-party app cannot directly be granted. Description: The Ulefone Armor 5 Android device with a build fingerprint of Ulefone/Ulefone_Armor_5/Ulefone_Armor_5:8.1.0/O11019/1528806701:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. |
CVE-2019-15379 | System Properties Modification | Walton | Primo GM3 | Exploitable by local app | com.mediatek.wfo.impl | 27 | 8.1.0 | 8.0.0 | WALTON/Primo_GM3/Primo_GM3:8.1.0/O11019/1522737198:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Walton Affected product: Product=Walton Primo GM3, Version=WALTON/Primo_GM3/Primo_GM3:8.1.0/O11019/1522737198:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.mediatek.wfo.impl with a version name of 8.1.0 and version code of 27. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.mediatek.wfo.impl to obtain a capability that a third-party app cannot directly be granted. Description: The Walton Primo GM3 Android device with a build fingerprint of WALTON/Primo_GM3/Primo_GM3:8.1.0/O11019/1522737198:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. |
CVE-2019-15340 | Wireless Settings Modification | Xiaomi | Redmi 6 Pro | Exploitable by local app | com.huaqin.factory | 1 | QL1715_201805292006 | 8.1 | xiaomi/sakura_india/sakura_india:8.1.0/OPM1.171019.019/V9.6.4.0.ODMMIFD:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Xiaomi Affected product: Product=Redmi 6 Pro, Version=xiaomi/sakura_india/sakura_india:8.1.0/OPM1.171019.019/V9.6.4.0.ODMMIFD:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.huaqin.factory with a version name of QL1715_201805292006 and version code of 1. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.huaqin.factory to obtain a capability that would otherwise require a permission. Description: The Xiaomi Redmi 6 Pro Android device with a build fingerprint of xiaomi/sakura_india/sakura_india:8.1.0/OPM1.171019.019/V9.6.4.0.ODMMIFD:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=QL1715_201805292006) that allows any app co-located on the device to programmatically disable and enable Wi-Fi, Bluetooth, and GPS without the corresponding access permission through an exported interface. |
CVE-2019-15415 | Wireless Settings Modification | Xiaomi | Redmi 5 | Exploitable by local app | com.huaqin.factory | 1 | QL1711_201803291645 | 7.1.2 | xiaomi/vince/vince:7.1.2/N2G47H/V9.5.4.0.NEGMIFA:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Xiaomi Affected product: Product=Redmi 5, Version=xiaomi/vince/vince:7.1.2/N2G47H/V9.5.4.0.NEGMIFA:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.huaqin.factory having a version name of QL1711_201803291645 and version code of 1. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.huaqin.factory to obtain a capability that would otherwise require a permission. Description: The Xiaomi Redmi 5 Android device with a build fingerprint of xiaomi/vince/vince:7.1.2/N2G47H/V9.5.4.0.NEGMIFA:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=QL1711_201803291645) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. |
CVE-2019-15426 | Wireless Settings Modification | Xiaomi | 5S Plus | Exploitable by local app | com.miui.powerkeeper | 40000 | 4.0.00 | 6 | Xiaomi/natrium/natrium:6.0.1/MXB48T/7.1.5:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Xiaomi Affected product: Product=5S Plus, Version=Xiaomi/natrium/natrium:6.0.1/MXB48T/7.1.5:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.miui.powerkeeper having a version name of 4.0.00 and version code of 40000. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.miui.powerkeeper to obtain a capability that would otherwise require a permission. Description: The Xiaomi 5S Plus Android device with a build fingerprint of Xiaomi/natrium/natrium:6.0.1/MXB48T/7.1.5:user/release-keys contains a pre-installed app with a package name of com.miui.powerkeeper app (versionCode=40000, versionName=4.0.00) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. |
CVE-2019-15427 | Wireless Settings Modification | Xiaomi | Mi Mix | Exploitable by local app | com.miui.powerkeeper | 40000 | 4.0.00 | 6 | Xiaomi/lithium/lithium:6.0.1/MXB48T/7.1.5:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Xiaomi Affected product: Product=Mi Mix, Version=Xiaomi/lithium/lithium:6.0.1/MXB48T/7.1.5:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.miui.powerkeeper having a version name of 4.0.00 and version code of 40000. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.miui.powerkeeper to obtain a capability that would otherwise require a permission. Description: The Xiaomi Mi Mix Android device with a build fingerprint of Xiaomi/lithium/lithium:6.0.1/MXB48T/7.1.5:user/release-keys contains a pre-installed app with a package name of com.miui.powerkeeper app (versionCode=40000, versionName=4.0.00) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. |
CVE-2019-15428 | Wireless Settings Modification | Xiaomi | Mi Note 2 | Exploitable by local app | com.miui.powerkeeper | 40000 | 4.0.00 | 6 | Xiaomi/scorpio/scorpio:6.0.1/MXB48T/7.1.5:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Xiaomi Affected product: Product=Mi Note 2, Version=Xiaomi/scorpio/scorpio:6.0.1/MXB48T/7.1.5:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.miui.powerkeeper having a version name of 4.0.00 and version code of 40000. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.miui.powerkeeper to obtain a capability that would otherwise require a permission. Description: The Xiaomi Mi Note 2 Android device with a build fingerprint of Xiaomi/scorpio/scorpio:6.0.1/MXB48T/7.1.5:user/release-keys contains a pre-installed app with a package name of com.miui.powerkeeper app (versionCode=40000, versionName=4.0.00) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. |
CVE-2019-15466 | Wireless Settings Modification | Xiaomi | Redmi 6 Pro | Exploitable by local app | com.huaqin.factory | 1 | QL1715_201812191721 | 8.1.0 | xiaomi/sakura_india/sakura_india:8.1.0/OPM1.171019.019/V10.2.6.0.ODMMIXM:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Xiaomi Affected product: Product=Redmi 6 Pro, Version=xiaomi/sakura_india/sakura_india:8.1.0/OPM1.171019.019/V10.2.6.0.ODMMIXM:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.huaqin.factory having a version name of QL1715_201812191721 and version code of 1. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.huaqin.factory to obtain a capability that would otherwise require a permission. Description: The Xiaomi Redmi 6 Pro Android device with a build fingerprint of xiaomi/sakura_india/sakura_india:8.1.0/OPM1.171019.019/V10.2.6.0.ODMMIXM:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=QL1715_201812191721) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. |
CVE-2019-15467 | Wireless Settings Modification | Xiaomi | Mi Mix 2S | Exploitable by local app | com.huaqin.factory | 1 | A2060_201801032053 | 8.0.0 | Xiaomi/polaris/polaris:8.0.0/OPR1.170623.032/V9.5.19.0.ODGMIFA:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Xiaomi Affected product: Product=Mi Mix 2S, Version=Xiaomi/polaris/polaris:8.0.0/OPR1.170623.032/V9.5.19.0.ODGMIFA:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.huaqin.factory having a version name of A2060_201801032053 and version code of 1. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.huaqin.factory to obtain a capability that would otherwise require a permission. Description: The Xiaomi Mi Mix 2S Android device with a build fingerprint of Xiaomi/polaris/polaris:8.0.0/OPR1.170623.032/V9.5.19.0.ODGMIFA:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=A2060_201801032053) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. |
CVE-2019-15468 | Wireless Settings Modification | Xiaomi | Mi A2 Lite | Exploitable by local app | com.huaqin.factory | 1 | QL1715_201812071953 | 9 | xiaomi/daisy/daisy_sprout:9/PKQ1.180917.001/V10.0.3.0.PDLMIXM:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Xiaomi Affected product: Product=Mi A2 Lite, Version=xiaomi/daisy/daisy_sprout:9/PKQ1.180917.001/V10.0.3.0.PDLMIXM:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.huaqin.factory having a version name of QL1715_201812071953 and version code of 1. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.huaqin.factory to obtain a capability that would otherwise require a permission. Description: The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaomi/daisy/daisy_sprout:9/PKQ1.180917.001/V10.0.3.0.PDLMIXM:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=QL1715_201812071953) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. |
CVE-2019-15469 | Microphone Audio Recording | Xiaomi | Mi Pad 4 | Exploitable by system or signature app | com.qualcomm.qti.callenhancement | 27 | 8.1.0 | 8.1.0 | Xiaomi/clover/clover:8.1.0/OPM1.171019.019/V9.6.26.0.ODJCNFD:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Xiaomi Affected product: Product=Mi Pad 4, Version=Xiaomi/clover/clover:8.1.0/OPM1.171019.019/V9.6.26.0.ODJCNFD:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.qualcomm.qti.callenhancement having a version name of 8.1.0 and version code of 27. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Xiaomi Mi Pad 4 Android device with a build fingerprint of Xiaomi/clover/clover:8.1.0/OPM1.171019.019/V9.6.26.0.ODJCNFD:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=27, versionName=8.1.0) that allows other pre-installed apps to perform microphone audio recording via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that export their capabilities to other pre-installed apps. This app allows a third-party app to use its open interface to record telephone calls to external storage. |
CVE-2019-15470 | Microphone Audio Recording | Xiaomi | Redmi Note 6 Pro | Exploitable by system or signature app | com.qualcomm.qti.callenhancement | 27 | 8.1.0 | 8.1.0 | xiaomi/tulip/tulip:8.1.0/OPM1.171019.011/V10.2.2.0.OEKMIXM:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Xiaomi Affected product: Product=Redmi Note 6 Pro, Version=xiaomi/tulip/tulip:8.1.0/OPM1.171019.011/V10.2.2.0.OEKMIXM:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.qualcomm.qti.callenhancement having a version name of 8.1.0 and version code of 27. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Xiaomi Redmi Note 6 Pro Android device with a build fingerprint of xiaomi/tulip/tulip:8.1.0/OPM1.171019.011/V10.2.2.0.OEKMIXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=27, versionName=8.1.0) that allows other pre-installed apps to perform microphone audio recording via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that export their capabilities to other pre-installed apps. This app allows a third-party app to use its open interface to record telephone calls to external storage. |
CVE-2019-15471 | Microphone Audio Recording | Xiaomi | Mi Mix 2S | Exploitable by system or signature app | com.qualcomm.qti.callenhancement | 27 | 8.1.0 | 8.0.0 | Xiaomi/polaris/polaris:8.0.0/OPR1.170623.032/V9.5.19.0.ODGMIFA:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Xiaomi Affected product: Product=Mi Mix 2S, Version=Xiaomi/polaris/polaris:8.0.0/OPR1.170623.032/V9.5.19.0.ODGMIFA:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.qualcomm.qti.callenhancement having a version name of 8.1.0 and version code of 27. Attack vector: Any pre-installed system app can be granted a signatureOrSystem permission and call other pre-installed app components that are guarded with these permissions, whether the calling app is signed by the same vendor or not, whether vetted or not, potentially bypassing the security boundaries set by the Android OS. Description: The Xiaomi Mi Mix 2S Android device with a build fingerprint of Xiaomi/polaris/polaris:8.0.0/OPR1.170623.032/V9.5.19.0.ODGMIFA:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=27, versionName=8.1.0) that allows other pre-installed apps to perform microphone audio recording via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that export their capabilities to other pre-installed apps. This app allows a third-party app to use its open interface to record telephone calls to external storage. |
CVE-2019-15472 | Microphone Audio Recording | Xiaomi | Mi A2 Lite | Exploitable by local app | com.qualcomm.qti.callenhancement | 28 | 9 | 9 | xiaomi/daisy/daisy_sprout:9/PKQ1.180917.001/V10.0.3.0.PDLMIXM:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Xiaomi Affected product: Product=Mi A2 Lite, Version=xiaomi/daisy/daisy_sprout:9/PKQ1.180917.001/V10.0.3.0.PDLMIXM:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.qualcomm.qti.callenhancement having a version name of 9 and version code of 28. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.qualcomm.qti.callenhancement to obtain a capability that would otherwise require a permission. Description: The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaomi/daisy/daisy_sprout:9/PKQ1.180917.001/V10.0.3.0.PDLMIXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=28, versionName=9) that allows unauthorized microphone audio recording via a confused deputy attack. This capability can be accessed by any app co-located on the device. This app allows a third-party app to use its open interface to record telephone calls to external storage. |
CVE-2019-15473 | Microphone Audio Recording | Xiaomi | Mi A2 Lite | Exploitable by local app | com.qualcomm.qti.callenhancement | 28 | 9 | 9 | xiaomi/jasmine/jasmine_sprout:9/PKQ1.180904.001/V10.0.2.0.PDIMIFJ:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Xiaomi Affected product: Product=Mi A2 Lite, Version=xiaomi/jasmine/jasmine_sprout:9/PKQ1.180904.001/V10.0.2.0.PDIMIFJ:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.qualcomm.qti.callenhancement having a version name of 9 and version code of 28. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.qualcomm.qti.callenhancement to obtain a capability that would otherwise require a permission. Description: The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaomi/jasmine/jasmine_sprout:9/PKQ1.180904.001/V10.0.2.0.PDIMIFJ:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=28, versionName=9) that allows unauthorized microphone audio recording via a confused deputy attack. This capability can be accessed by any app co-located on the device. This app allows a third-party app to use its open interface to record telephone calls to external storage. |
CVE-2019-15474 | Microphone Audio Recording | Xiaomi | Cepheus | Exploitable by local app | com.qualcomm.qti.callenhancement | 28 | 9 | 9 | Xiaomi/cepheus/cepheus:9/PKQ1.181121.001/V10.2.6.0.PFAMIXM:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Xiaomi Affected product: Product=Cepheus, Version=Xiaomi/cepheus/cepheus:9/PKQ1.181121.001/V10.2.6.0.PFAMIXM:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.qualcomm.qti.callenhancement having a version name of 9 and version code of 28. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.qualcomm.qti.callenhancement to obtain a capability that would otherwise require a permission. Description: The Xiaomi Cepheus Android device with a build fingerprint of Xiaomi/cepheus/cepheus:9/PKQ1.181121.001/V10.2.6.0.PFAMIXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=28, versionName=9) that allows unauthorized microphone audio recording via a confused deputy attack. This capability can be accessed by any app co-located on the device. This app allows a third-party app to use its open interface to record telephone calls to external storage. |
CVE-2019-15475 | Microphone Audio Recording | Xiaomi | Mi A3 | Exploitable by local app | com.qualcomm.qti.callenhancement | 28 | 9 | 9 | xiaomi/onc_eea/onc:9/PKQ1.181021.001/V10.2.8.0.PFLEUXM:user/release-keys | Vulnerability Type: Incorrect Access Control Vendor of the product: Xiaomi Affected product: Product=Mi A3, Version=xiaomi/onc_eea/onc:9/PKQ1.181021.001/V10.2.8.0.PFLEUXM:user/release-keys Attack type: Local Impact: Escalation of Privileges Affected component: Pre-installed app with a package name of com.qualcomm.qti.callenhancement having a version name of 9 and version code of 28. Attack vector: Any app co-located on the device can interact with an exported app component of the app with a package name of com.qualcomm.qti.callenhancement to obtain a capability that would otherwise require a permission. Description: The Xiaomi Mi A3 Android device with a build fingerprint of xiaomi/onc_eea/onc:9/PKQ1.181021.001/V10.2.8.0.PFLEUXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=28, versionName=9) that allows unauthorized microphone audio recording via a confused deputy attack. This capability can be accessed by any app co-located on the device. This app allows a third-party app to use its open interface to record telephone calls to external storage. |