Search

Find a vulnerability

Search criteria

    8 vulnerabilities by Infinix Mobile

    CVE-2024-12993 (GCVE-0-2024-12993)

    Vulnerability from nvd – Published: 2024-12-30 11:01 – Updated: 2024-12-30 14:14
    VLAI
    Title
    Location information exposure in Infinix Weather app
    Summary
    Infinix devices contain a pre-loaded "com.rlk.weathers" application, that exposes an unsecured content provider. An attacker can communicate with the provider and reveal the user’s location without any privileges.  After multiple attempts to contact the vendor we did not receive any answer. We suppose this issue affects all Infinix Mobile devices.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
    Assigner
    References
    Impacted products
    Credits
    Szymon Chadam
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-12993",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-30T14:14:40.493684Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-30T14:14:56.228Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "platforms": [
                "Android"
              ],
              "product": "com.rlk.weathers",
              "vendor": "Infinix Mobile",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0.0.037"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Szymon Chadam"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Infinix devices contain a pre-loaded \"com.rlk.weathers\" application, that exposes an unsecured content provider. An attacker can communicate with the provider and reveal the user\u2019s location without any privileges.\u0026nbsp;\u003cbr\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eAfter multiple attempts to contact the vendor we did not receive any answer. We suppose this issue affects all Infinix Mobile devices.\u003c/p\u003e\u003c/div\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003c/div\u003e"
                }
              ],
              "value": "Infinix devices contain a pre-loaded \"com.rlk.weathers\" application, that exposes an unsecured content provider. An attacker can communicate with the provider and reveal the user\u2019s location without any privileges.\u00a0\nAfter multiple attempts to contact the vendor we did not receive any answer. We suppose this issue affects all Infinix Mobile devices."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-117",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-117 Interception"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-497",
                  "description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-30T11:01:17.600Z",
            "orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
            "shortName": "CERT-PL"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cert.pl/en/posts/2024/12/CVE-2024-12993/"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cert.pl/posts/2024/12/CVE-2024-12993/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Location information exposure in Infinix Weather app",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
        "assignerShortName": "CERT-PL",
        "cveId": "CVE-2024-12993",
        "datePublished": "2024-12-30T11:01:17.600Z",
        "dateReserved": "2024-12-27T14:13:53.615Z",
        "dateUpdated": "2024-12-30T14:14:56.228Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-10576 (GCVE-0-2024-10576)

    Vulnerability from nvd – Published: 2024-12-04 12:02 – Updated: 2024-12-04 21:01
    VLAI
    Title
    Unauthorized factory reset of Infinix devices
    Summary
    Infinix devices contain a pre-loaded "com.transsion.agingfunction" application, that exposes an unsecured broadcast receiver. An attacker can communicate with the receiver and force the device to perform a factory reset without any Android system permissions.  After multiple attempts to contact the vendor we did not receive any answer. We suppose this issue affects all Infinix Mobile devices.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-925 - Improper Verification of Intent by Broadcast Receiver
    Assigner
    References
    Impacted products
    Vendor Product Version
    Infinix Mobile com.transsion.agingfunction Affected: 13
    Create a notification for this product.
    infinix_mobile com.transmission.agingfunction Affected: 13
        cpe:2.3:a:infinix_mobile:com.transmission.agingfunction:13:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Szymon Chadam
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:infinix_mobile:com.transmission.agingfunction:13:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "com.transmission.agingfunction",
                "vendor": "infinix_mobile",
                "versions": [
                  {
                    "status": "affected",
                    "version": "13"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-10576",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-04T19:48:36.525706Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-04T21:01:06.241Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "platforms": [
                "Android"
              ],
              "product": "com.transsion.agingfunction",
              "vendor": "Infinix Mobile",
              "versions": [
                {
                  "status": "affected",
                  "version": "13"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Szymon Chadam"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Infinix devices contain a pre-loaded \"com.transsion.agingfunction\" application, that\u0026nbsp;exposes an unsecured broadcast receiver. An attacker can communicate with the receiver and force the device to perform a factory reset without any Android system permissions.\u0026nbsp;\u003cbr\u003e\u003cbr\u003eAfter multiple attempts to contact the vendor we did not receive any answer. We suppose this issue affects all Infinix Mobile devices."
                }
              ],
              "value": "Infinix devices contain a pre-loaded \"com.transsion.agingfunction\" application, that\u00a0exposes an unsecured broadcast receiver. An attacker can communicate with the receiver and force the device to perform a factory reset without any Android system permissions.\u00a0\n\nAfter multiple attempts to contact the vendor we did not receive any answer. We suppose this issue affects all Infinix Mobile devices."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-166",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-166 Force the System to Reset Values"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "IRRECOVERABLE",
                "Safety": "NEGLIGIBLE",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/R:I/V:D/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-925",
                  "description": "CWE-925 Improper Verification of Intent by Broadcast Receiver",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-04T12:02:54.241Z",
            "orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
            "shortName": "CERT-PL"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cert.pl/en/posts/2024/12/CVE-2024-10576/"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cert.pl/posts/2024/12/CVE-2024-10576/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Unauthorized factory reset of Infinix devices",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
        "assignerShortName": "CERT-PL",
        "cveId": "CVE-2024-10576",
        "datePublished": "2024-12-04T12:02:22.601Z",
        "dateReserved": "2024-10-31T10:16:21.663Z",
        "dateUpdated": "2024-12-04T21:01:06.241Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-12993 (GCVE-0-2024-12993)

    Vulnerability from cvelistv5 – Published: 2024-12-30 11:01 – Updated: 2024-12-30 14:14
    VLAI
    Title
    Location information exposure in Infinix Weather app
    Summary
    Infinix devices contain a pre-loaded "com.rlk.weathers" application, that exposes an unsecured content provider. An attacker can communicate with the provider and reveal the user’s location without any privileges.  After multiple attempts to contact the vendor we did not receive any answer. We suppose this issue affects all Infinix Mobile devices.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
    Assigner
    References
    Impacted products
    Credits
    Szymon Chadam
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-12993",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-30T14:14:40.493684Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-30T14:14:56.228Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "platforms": [
                "Android"
              ],
              "product": "com.rlk.weathers",
              "vendor": "Infinix Mobile",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0.0.037"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Szymon Chadam"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Infinix devices contain a pre-loaded \"com.rlk.weathers\" application, that exposes an unsecured content provider. An attacker can communicate with the provider and reveal the user\u2019s location without any privileges.\u0026nbsp;\u003cbr\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eAfter multiple attempts to contact the vendor we did not receive any answer. We suppose this issue affects all Infinix Mobile devices.\u003c/p\u003e\u003c/div\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003c/div\u003e"
                }
              ],
              "value": "Infinix devices contain a pre-loaded \"com.rlk.weathers\" application, that exposes an unsecured content provider. An attacker can communicate with the provider and reveal the user\u2019s location without any privileges.\u00a0\nAfter multiple attempts to contact the vendor we did not receive any answer. We suppose this issue affects all Infinix Mobile devices."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-117",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-117 Interception"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-497",
                  "description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-30T11:01:17.600Z",
            "orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
            "shortName": "CERT-PL"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cert.pl/en/posts/2024/12/CVE-2024-12993/"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cert.pl/posts/2024/12/CVE-2024-12993/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Location information exposure in Infinix Weather app",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
        "assignerShortName": "CERT-PL",
        "cveId": "CVE-2024-12993",
        "datePublished": "2024-12-30T11:01:17.600Z",
        "dateReserved": "2024-12-27T14:13:53.615Z",
        "dateUpdated": "2024-12-30T14:14:56.228Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-10576 (GCVE-0-2024-10576)

    Vulnerability from cvelistv5 – Published: 2024-12-04 12:02 – Updated: 2024-12-04 21:01
    VLAI
    Title
    Unauthorized factory reset of Infinix devices
    Summary
    Infinix devices contain a pre-loaded "com.transsion.agingfunction" application, that exposes an unsecured broadcast receiver. An attacker can communicate with the receiver and force the device to perform a factory reset without any Android system permissions.  After multiple attempts to contact the vendor we did not receive any answer. We suppose this issue affects all Infinix Mobile devices.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-925 - Improper Verification of Intent by Broadcast Receiver
    Assigner
    References
    Impacted products
    Vendor Product Version
    Infinix Mobile com.transsion.agingfunction Affected: 13
    Create a notification for this product.
    infinix_mobile com.transmission.agingfunction Affected: 13
        cpe:2.3:a:infinix_mobile:com.transmission.agingfunction:13:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Szymon Chadam
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:infinix_mobile:com.transmission.agingfunction:13:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "com.transmission.agingfunction",
                "vendor": "infinix_mobile",
                "versions": [
                  {
                    "status": "affected",
                    "version": "13"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-10576",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-04T19:48:36.525706Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-04T21:01:06.241Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "platforms": [
                "Android"
              ],
              "product": "com.transsion.agingfunction",
              "vendor": "Infinix Mobile",
              "versions": [
                {
                  "status": "affected",
                  "version": "13"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Szymon Chadam"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Infinix devices contain a pre-loaded \"com.transsion.agingfunction\" application, that\u0026nbsp;exposes an unsecured broadcast receiver. An attacker can communicate with the receiver and force the device to perform a factory reset without any Android system permissions.\u0026nbsp;\u003cbr\u003e\u003cbr\u003eAfter multiple attempts to contact the vendor we did not receive any answer. We suppose this issue affects all Infinix Mobile devices."
                }
              ],
              "value": "Infinix devices contain a pre-loaded \"com.transsion.agingfunction\" application, that\u00a0exposes an unsecured broadcast receiver. An attacker can communicate with the receiver and force the device to perform a factory reset without any Android system permissions.\u00a0\n\nAfter multiple attempts to contact the vendor we did not receive any answer. We suppose this issue affects all Infinix Mobile devices."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-166",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-166 Force the System to Reset Values"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "IRRECOVERABLE",
                "Safety": "NEGLIGIBLE",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/R:I/V:D/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-925",
                  "description": "CWE-925 Improper Verification of Intent by Broadcast Receiver",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-04T12:02:54.241Z",
            "orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
            "shortName": "CERT-PL"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cert.pl/en/posts/2024/12/CVE-2024-10576/"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cert.pl/posts/2024/12/CVE-2024-10576/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Unauthorized factory reset of Infinix devices",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
        "assignerShortName": "CERT-PL",
        "cveId": "CVE-2024-10576",
        "datePublished": "2024-12-04T12:02:22.601Z",
        "dateReserved": "2024-10-31T10:16:21.663Z",
        "dateUpdated": "2024-12-04T21:01:06.241Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    VAR-201911-0526

    Vulnerability from variot - Updated: 2024-11-23 22:48

    The Infinix Note 5 Android device with a build fingerprint of Infinix/H632C/Infinix-X605_sprout:8.1.0/O11019/CE-180914V59:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. Infinix Note 5 Android The device is vulnerable to a lack of authentication.Information may be tampered with. Infinix Note 5 is a smartphone from China Transsion Corporation.

    Infinix Note 5 has an unknown vulnerability. An attacker could use this vulnerability to modify system properties

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201911-0526",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "note 5",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "infinixmobility",
            "version": null
          },
          {
            "model": "note 5",
            "scope": null,
            "trust": 0.8,
            "vendor": "infinix mobile",
            "version": null
          },
          {
            "model": "note",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "infinix",
            "version": "5"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-16011"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012335"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15361"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:infinixmobility:note_5_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012335"
          }
        ]
      },
      "cve": "CVE-2019-15361",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 2.1,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-15361",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.8,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 2.1,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2020-16011",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 1.8,
                "id": "CVE-2019-15361",
                "impactScore": 3.6,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2019-15361",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-15361",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-15361",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-16011",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201911-859",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-16011"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012335"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-859"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15361"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The Infinix Note 5 Android device with a build fingerprint of Infinix/H632C/Infinix-X605_sprout:8.1.0/O11019/CE-180914V59:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. Infinix Note 5 Android The device is vulnerable to a lack of authentication.Information may be tampered with. Infinix Note 5 is a smartphone from China Transsion Corporation. \n\r\n\r\nInfinix Note 5 has an unknown vulnerability. An attacker could use this vulnerability to modify system properties",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-15361"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012335"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16011"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-15361",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012335",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16011",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-859",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-16011"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012335"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-859"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15361"
          }
        ]
      },
      "id": "VAR-201911-0526",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-16011"
          }
        ],
        "trust": 1.2666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-16011"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:48:12.392000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Note 5",
            "trust": 0.8,
            "url": "http://www.infinixmobility.com/old/index.php?id=2977"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012335"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-862",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012335"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15361"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://www.kryptowire.com/android-firmware-2019/"
          },
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15361"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15361"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-16011"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012335"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-859"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15361"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-16011"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012335"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-859"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15361"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-16011"
          },
          {
            "date": "2019-11-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-012335"
          },
          {
            "date": "2019-11-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201911-859"
          },
          {
            "date": "2019-11-14T17:15:16.990000",
            "db": "NVD",
            "id": "CVE-2019-15361"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-16011"
          },
          {
            "date": "2019-11-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-012335"
          },
          {
            "date": "2020-08-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201911-859"
          },
          {
            "date": "2024-11-21T04:28:32.697000",
            "db": "NVD",
            "id": "CVE-2019-15361"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-859"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Infinix Note 5 Android Lack of authentication on device",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012335"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-859"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201911-0531

    Vulnerability from variot - Updated: 2024-11-23 22:41

    The Infinix Note 5 Android device with a build fingerprint of Infinix/H633IJL/Infinix-X604_sprout:8.1.0/O11019/IJL-180531V181:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. Infinix Note 5 Android The device is vulnerable to a lack of authentication.Information may be tampered with. Infinix Note 5 is a smartphone from China's Infinix.

    An access control error vulnerability exists in the com.mediatek.wfo.impl app in Infinix Note 5 (build fingerprint: Infinix/H633IJL/Infinix-X604_sprout: 8.1.0/O11019/IJL-180531V181: user/release-keys). The vulnerability stems from a network system or product that does not properly restrict access to resources from unauthorized roles

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201911-0531",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "note 5",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "infinixmobility",
            "version": null
          },
          {
            "model": "note 5",
            "scope": null,
            "trust": 0.8,
            "vendor": "infinix mobile",
            "version": null
          },
          {
            "model": "note",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "infinix",
            "version": "5"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-41666"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012337"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15366"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:infinixmobility:note_5_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012337"
          }
        ]
      },
      "cve": "CVE-2019-15366",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 2.1,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-15366",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.8,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-41666",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 1.8,
                "id": "CVE-2019-15366",
                "impactScore": 3.6,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2019-15366",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-15366",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-15366",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-41666",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201911-972",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-41666"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012337"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-972"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15366"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The Infinix Note 5 Android device with a build fingerprint of Infinix/H633IJL/Infinix-X604_sprout:8.1.0/O11019/IJL-180531V181:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. Infinix Note 5 Android The device is vulnerable to a lack of authentication.Information may be tampered with. Infinix Note 5 is a smartphone from China\u0027s Infinix. \n\nAn access control error vulnerability exists in the com.mediatek.wfo.impl app in Infinix Note 5 (build fingerprint: Infinix/H633IJL/Infinix-X604_sprout: 8.1.0/O11019/IJL-180531V181: user/release-keys). The vulnerability stems from a network system or product that does not properly restrict access to resources from unauthorized roles",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-15366"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012337"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-41666"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-15366",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012337",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-41666",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-972",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-41666"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012337"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-972"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15366"
          }
        ]
      },
      "id": "VAR-201911-0531",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-41666"
          }
        ],
        "trust": 1.2666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-41666"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:41:18.142000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Note 5",
            "trust": 0.8,
            "url": "http://www.infinixmobility.com/old/index.php?id=2977"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012337"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-862",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012337"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15366"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://www.kryptowire.com/android-firmware-2019/"
          },
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15366"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15366"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-41666"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012337"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-972"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15366"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-41666"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012337"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-972"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15366"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-11-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-41666"
          },
          {
            "date": "2019-11-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-012337"
          },
          {
            "date": "2019-11-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201911-972"
          },
          {
            "date": "2019-11-14T17:15:17.413000",
            "db": "NVD",
            "id": "CVE-2019-15366"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-11-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-41666"
          },
          {
            "date": "2019-11-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-012337"
          },
          {
            "date": "2020-08-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201911-972"
          },
          {
            "date": "2024-11-21T04:28:33.400000",
            "db": "NVD",
            "id": "CVE-2019-15366"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-972"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Infinix Note 5 Access Control Error Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-41666"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-972"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "access control error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-972"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201807-0058

    Vulnerability from variot - Updated: 2024-11-23 22:38

    Android devices with code from Ragentek contain a privileged binary that performs over-the-air (OTA) update checks. Additionally, there are multiple techniques used to hide the execution of this binary. This behavior could be described as a rootkit. This binary, which resides as /system/bin/debugs, runs with root privileges and does not communicate over an encrypted channel. The binary has been shown to communicate with three hosts via HTTP: oyag[.]lhzbdvm[.]com oyag[.]prugskh[.]net oyag[.]prugskh[.]com Server responses to requests sent by the debugs binary include functionalities to execute arbitrary commands as root, install applications, or update configurations. Examples of a request sent by the client binary: POST /pagt/agent?data={"name":"c_regist","details":{...}} HTTP/1. 1 Host: 114.80.68.223 Connection: Close An example response from the server could be: HTTP/1.1 200 OK {"code": "01", "name": "push_commands", "details": {"server_id": "1" , "title": "Test Command", "comments": "Test", "commands": "touch /tmp/test"}} This binary is reported to be present in the following devices: BLU Studio G BLU Studio G Plus BLU Studio 6.0 HD BLU Studio X BLU Studio X Plus BLU Studio C HD Infinix Hot X507 Infinix Hot 2 X510 Infinix Zero X506 Infinix Zero 2 X509 DOOGEE Voyager 2 DG310 LEAGOO Lead 5 LEAGOO Lead 6 LEAGOO Lead 3i LEAGOO Lead 2S LEAGOO Alfa 6 IKU Colorful K45i Beeline Pro 2 XOLO Cube 5.0. This program HTTP Via the next 3 Communicate with one host. 1 * Host: 114.80.68.223 * Connection: Close Example response from the server: * HTTP/1.1 200 OK * {"code": "01", "name": "push_commands", "details": {"server_id": "1" , * "title": "Test Command", "comments": "Test", "commands": "touch /tmp/test"}}Middle man (man-in-the-middle) By attack root An arbitrary command may be executed with authority. Multiple Android products are prone to a security-bypass vulnerability. Successfully exploiting this issue may allow attackers to bypass certain security restrictions and execute arbitrary commands as root by conducting a man-in-the-middle attack. This may lead to other attacks. Ragentek BLU Studio G etc. are smartphones

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201807-0058",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "voyager 2 dg310i",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "doogee",
            "version": null
          },
          {
            "model": "lead 5",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "leagoo",
            "version": null
          },
          {
            "model": "alfa 6",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "leagoo",
            "version": null
          },
          {
            "model": "studio c hd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "bluproducts",
            "version": null
          },
          {
            "model": "colorful k45i",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "iku mobile",
            "version": null
          },
          {
            "model": "studio g",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "bluproducts",
            "version": null
          },
          {
            "model": "hot 2 x510",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "infinixauthority",
            "version": null
          },
          {
            "model": "pro 2",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "beeline",
            "version": null
          },
          {
            "model": "zero 2 x509",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "infinixauthority",
            "version": null
          },
          {
            "model": "studio g plus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "bluproducts",
            "version": null
          },
          {
            "model": "lead 2s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "leagoo",
            "version": null
          },
          {
            "model": "studio x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "bluproducts",
            "version": null
          },
          {
            "model": "studio 6.0 hd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "bluproducts",
            "version": null
          },
          {
            "model": "lead 6",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "leagoo",
            "version": null
          },
          {
            "model": "hot x507",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "infinixauthority",
            "version": null
          },
          {
            "model": "cube 5.0",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "xolo",
            "version": null
          },
          {
            "model": "zero x506",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "infinixauthority",
            "version": null
          },
          {
            "model": "lead 3i",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "leagoo",
            "version": null
          },
          {
            "model": "studio x plus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "bluproducts",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "blu products",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "infinix mobility",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ragentek",
            "version": null
          },
          {
            "model": "pro 2",
            "scope": null,
            "trust": 0.8,
            "vendor": "beeline",
            "version": null
          },
          {
            "model": "studio 6.0 hd",
            "scope": null,
            "trust": 0.8,
            "vendor": "blu products",
            "version": null
          },
          {
            "model": "studio c hd",
            "scope": null,
            "trust": 0.8,
            "vendor": "blu products",
            "version": null
          },
          {
            "model": "studio g",
            "scope": null,
            "trust": 0.8,
            "vendor": "blu products",
            "version": null
          },
          {
            "model": "studio g plus",
            "scope": null,
            "trust": 0.8,
            "vendor": "blu products",
            "version": null
          },
          {
            "model": "studio x",
            "scope": null,
            "trust": 0.8,
            "vendor": "blu products",
            "version": null
          },
          {
            "model": "studio x plus",
            "scope": null,
            "trust": 0.8,
            "vendor": "blu products",
            "version": null
          },
          {
            "model": "colorful k45i",
            "scope": null,
            "trust": 0.8,
            "vendor": "iku mobile",
            "version": null
          },
          {
            "model": "hot 2 x510",
            "scope": null,
            "trust": 0.8,
            "vendor": "infinix mobile",
            "version": null
          },
          {
            "model": "hot x507",
            "scope": null,
            "trust": 0.8,
            "vendor": "infinix mobile",
            "version": null
          },
          {
            "model": "zero 2 x509",
            "scope": null,
            "trust": 0.8,
            "vendor": "infinix mobile",
            "version": null
          },
          {
            "model": "zero x506",
            "scope": null,
            "trust": 0.8,
            "vendor": "infinix mobile",
            "version": null
          },
          {
            "model": "alfa 6",
            "scope": null,
            "trust": 0.8,
            "vendor": "leagoo global",
            "version": null
          },
          {
            "model": "lead 2s",
            "scope": null,
            "trust": 0.8,
            "vendor": "leagoo global",
            "version": null
          },
          {
            "model": "lead 3i",
            "scope": null,
            "trust": 0.8,
            "vendor": "leagoo global",
            "version": null
          },
          {
            "model": "lead 5",
            "scope": null,
            "trust": 0.8,
            "vendor": "leagoo global",
            "version": null
          },
          {
            "model": "lead 6",
            "scope": null,
            "trust": 0.8,
            "vendor": "leagoo global",
            "version": null
          },
          {
            "model": "voyager 2 dg310",
            "scope": null,
            "trust": 0.8,
            "vendor": "doogee hengtong",
            "version": null
          },
          {
            "model": "cube 5.0",
            "scope": null,
            "trust": 0.8,
            "vendor": "xolo",
            "version": null
          },
          {
            "model": "",
            "scope": null,
            "trust": 0.8,
            "vendor": "multiple vendors",
            "version": null
          },
          {
            "model": "mobility zero",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "infinix",
            "version": "x5060"
          },
          {
            "model": "mobility zero",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "infinix",
            "version": "2x5090"
          },
          {
            "model": "mobility hot",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "infinix",
            "version": "x5070"
          },
          {
            "model": "mobility hot",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "infinix",
            "version": "2x5100"
          },
          {
            "model": "studio plus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blu",
            "version": "x0"
          },
          {
            "model": "studio",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blu",
            "version": "x0"
          },
          {
            "model": "studio g plus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blu",
            "version": "0"
          },
          {
            "model": "studio g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blu",
            "version": "0"
          },
          {
            "model": "studio c hd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blu",
            "version": "0"
          },
          {
            "model": "studio hd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blu",
            "version": "6.00"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#624539"
          },
          {
            "db": "BID",
            "id": "94393"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-005905"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-429"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-6564"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:beeline:pro_2_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:bluproducts:studio_6.0_hd_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:bluproducts:studio_c_hd_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:bluproducts:studio_g_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:bluproducts:studio_g_plus_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:bluproducts:studio_x_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:bluproducts:studio_x_plus_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:iku-mobile:colorful_k45i_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:infinixmobility:hot_2_x510_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:infinixmobility:hot_x507_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:infinixmobility:zero_2_x509_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:infinixmobility:zero_x506_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:leagoo:alfa_6_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:leagoo:lead_2s_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:leagoo:lead_3i_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:leagoo:lead_5_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:leagoo:lead_6_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:doogee:voyager_2_dg310i_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:xolo:cube_5.0_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:misc:multiple_vendors",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-005905"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dan Dahlberg and Tiago Pereira of BitSight Technologies and Anubis Networks",
        "sources": [
          {
            "db": "BID",
            "id": "94393"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-429"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2016-6564",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2016-6564",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "availabilityRequirement": "NOT DEFINED",
                "baseScore": 9.3,
                "collateralDamagePotential": "NONE",
                "confidentialityImpact": "COMPLETE",
                "confidentialityRequirement": "NOT DEFINED",
                "enviromentalScore": 6.3,
                "exploitability": "PROOF-OF-CONCEPT",
                "exploitabilityScore": 8.6,
                "id": "CVE-2016-6564",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "integrityRequirement": "NOT DEFINED",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "remediationLevel": "NOT DEFINED",
                "reportConfidence": "CONFIRMED",
                "severity": "HIGH",
                "targetDistribution": "MEDIUM",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vector_string": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "Complete",
                "baseScore": 9.3,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2016-005905",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "VHN-95384",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.2,
                "id": "CVE-2016-6564",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "High",
                "baseScore": 8.1,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2016-005905",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-6564",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-6564",
                "trust": 0.8,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2016-005905",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201611-429",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-95384",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#624539"
          },
          {
            "db": "VULHUB",
            "id": "VHN-95384"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-005905"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-429"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-6564"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Android devices with code from Ragentek contain a privileged binary that performs over-the-air (OTA) update checks. Additionally, there are multiple techniques used to hide the execution of this binary. This behavior could be described as a rootkit. This binary, which resides as /system/bin/debugs, runs with root privileges and does not communicate over an encrypted channel. The binary has been shown to communicate with three hosts via HTTP: oyag[.]lhzbdvm[.]com oyag[.]prugskh[.]net oyag[.]prugskh[.]com Server responses to requests sent by the debugs binary include functionalities to execute arbitrary commands as root, install applications, or update configurations. Examples of a request sent by the client binary: POST /pagt/agent?data={\"name\":\"c_regist\",\"details\":{...}} HTTP/1. 1 Host: 114.80.68.223 Connection: Close An example response from the server could be: HTTP/1.1 200 OK {\"code\": \"01\", \"name\": \"push_commands\", \"details\": {\"server_id\": \"1\" , \"title\": \"Test Command\", \"comments\": \"Test\", \"commands\": \"touch /tmp/test\"}} This binary is reported to be present in the following devices: BLU Studio G BLU Studio G Plus BLU Studio 6.0 HD BLU Studio X BLU Studio X Plus BLU Studio C HD Infinix Hot X507 Infinix Hot 2 X510 Infinix Zero X506 Infinix Zero 2 X509 DOOGEE Voyager 2 DG310 LEAGOO Lead 5 LEAGOO Lead 6 LEAGOO Lead 3i LEAGOO Lead 2S LEAGOO Alfa 6 IKU Colorful K45i Beeline Pro 2 XOLO Cube 5.0. This program HTTP Via the next 3 Communicate with one host. 1 * Host: 114.80.68.223 * Connection: Close Example response from the server: * HTTP/1.1 200 OK * {\"code\": \"01\", \"name\": \"push_commands\", \"details\": {\"server_id\": \"1\" , * \"title\": \"Test Command\", \"comments\": \"Test\", \"commands\": \"touch /tmp/test\"}}Middle man (man-in-the-middle) By attack root An arbitrary command may be executed with authority. Multiple Android  products are prone to a security-bypass vulnerability. \nSuccessfully exploiting this issue may allow attackers to bypass certain  security restrictions and execute arbitrary commands as root by conducting a  man-in-the-middle attack. This may lead to other attacks. Ragentek BLU Studio G etc. are smartphones",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-6564"
          },
          {
            "db": "CERT/CC",
            "id": "VU#624539"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-005905"
          },
          {
            "db": "BID",
            "id": "94393"
          },
          {
            "db": "VULHUB",
            "id": "VHN-95384"
          }
        ],
        "trust": 2.7
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.kb.cert.org/vuls/id/624539",
            "trust": 0.8,
            "type": "poc"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#624539"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#624539",
            "trust": 3.6
          },
          {
            "db": "NVD",
            "id": "CVE-2016-6564",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "94393",
            "trust": 2.0
          },
          {
            "db": "JVN",
            "id": "JVNVU98782459",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-005905",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-429",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-95384",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#624539"
          },
          {
            "db": "VULHUB",
            "id": "VHN-95384"
          },
          {
            "db": "BID",
            "id": "94393"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-005905"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-429"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-6564"
          }
        ]
      },
      "id": "VAR-201807-0058",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-95384"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T22:38:07.396000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Multiple Ragentek Repair measures for device security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65770"
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-429"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-264",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-494",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-Other",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-95384"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-005905"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-6564"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "https://www.kb.cert.org/vuls/id/624539"
          },
          {
            "trust": 1.7,
            "url": "https://www.securityfocus.com/bid/94393/"
          },
          {
            "trust": 1.7,
            "url": "https://www.bitsighttech.com/blog/ragentek-android-ota-update-mechanism-vulnerable-to-mitm-attack"
          },
          {
            "trust": 0.8,
            "url": "http://blog.anubisnetworks.com/blog/ragentek-android-ota-update-mechanism-vulnerable-to-mitm-attack"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/494.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.observatoriodeseguridad.com/?p=230"
          },
          {
            "trust": 0.8,
            "url": "https://twitter.com/timstrazz/status/689981808012828673"
          },
          {
            "trust": 0.8,
            "url": "https://en.wikipedia.org/wiki/rootkit"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6564"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu98782459/"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6564"
          },
          {
            "trust": 0.3,
            "url": "http://english.ragentek.com/"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#624539"
          },
          {
            "db": "VULHUB",
            "id": "VHN-95384"
          },
          {
            "db": "BID",
            "id": "94393"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-005905"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-429"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-6564"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#624539"
          },
          {
            "db": "VULHUB",
            "id": "VHN-95384"
          },
          {
            "db": "BID",
            "id": "94393"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-005905"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-429"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-6564"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-11-17T00:00:00",
            "db": "CERT/CC",
            "id": "VU#624539"
          },
          {
            "date": "2018-07-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-95384"
          },
          {
            "date": "2016-11-17T00:00:00",
            "db": "BID",
            "id": "94393"
          },
          {
            "date": "2016-11-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-005905"
          },
          {
            "date": "2016-11-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201611-429"
          },
          {
            "date": "2018-07-13T20:29:01.050000",
            "db": "NVD",
            "id": "CVE-2016-6564"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-11-17T00:00:00",
            "db": "CERT/CC",
            "id": "VU#624539"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-95384"
          },
          {
            "date": "2016-11-24T01:11:00",
            "db": "BID",
            "id": "94393"
          },
          {
            "date": "2019-07-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-005905"
          },
          {
            "date": "2022-03-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201611-429"
          },
          {
            "date": "2024-11-21T02:56:21.923000",
            "db": "NVD",
            "id": "CVE-2016-6564"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-429"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ragentek Android OTA update mechanism vulnerable to MITM attack",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#624539"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control issues",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-429"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201911-0454

    Vulnerability from variot - Updated: 2024-11-23 22:33

    The Infinix Note 5 Android device with a build fingerprint of Infinix/H633B/Infinix-X604_sprout:8.1.0/O11019/L-IN-180206V64:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. Infinix Note 5 Android The device is vulnerable to a lack of authentication.Information may be tampered with. Infinix Note 5 is a smartphone from China Infinix.

    Infinix Note 5 has an access control error vulnerability. The vulnerability stems from a network system or product that did not properly restrict access to resources from unauthorized roles. An attacker could use this vulnerability to modify system properties

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201911-0454",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "note 5",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "infinixmobility",
            "version": null
          },
          {
            "model": "note 5",
            "scope": null,
            "trust": 0.8,
            "vendor": "infinix mobile",
            "version": null
          },
          {
            "model": "note",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "infinix",
            "version": "5"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-16021"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012479"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15385"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:infinixmobility:note_5_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012479"
          }
        ]
      },
      "cve": "CVE-2019-15385",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 2.1,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-15385",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.8,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 2.1,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2020-16021",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 1.8,
                "id": "CVE-2019-15385",
                "impactScore": 3.6,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2019-15385",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-15385",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-15385",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-16021",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201911-887",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-16021"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012479"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-887"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15385"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The Infinix Note 5 Android device with a build fingerprint of Infinix/H633B/Infinix-X604_sprout:8.1.0/O11019/L-IN-180206V64:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. Infinix Note 5 Android The device is vulnerable to a lack of authentication.Information may be tampered with. Infinix Note 5 is a smartphone from China Infinix. \n\r\n\r\nInfinix Note 5 has an access control error vulnerability. The vulnerability stems from a network system or product that did not properly restrict access to resources from unauthorized roles. An attacker could use this vulnerability to modify system properties",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-15385"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012479"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16021"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-15385",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012479",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-16021",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-887",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-16021"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012479"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-887"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15385"
          }
        ]
      },
      "id": "VAR-201911-0454",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-16021"
          }
        ],
        "trust": 1.2666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-16021"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:33:39.839000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Note 5",
            "trust": 0.8,
            "url": "http://www.infinixmobility.com/old/index.php?id=2977"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012479"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-862",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012479"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15385"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://www.kryptowire.com/android-firmware-2019/"
          },
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15385"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15385"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-16021"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012479"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-887"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15385"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-16021"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012479"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-887"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15385"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-16021"
          },
          {
            "date": "2019-12-03T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-012479"
          },
          {
            "date": "2019-11-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201911-887"
          },
          {
            "date": "2019-11-14T17:15:18.787000",
            "db": "NVD",
            "id": "CVE-2019-15385"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-16021"
          },
          {
            "date": "2019-12-03T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-012479"
          },
          {
            "date": "2020-08-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201911-887"
          },
          {
            "date": "2024-11-21T04:28:36.170000",
            "db": "NVD",
            "id": "CVE-2019-15385"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-887"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Infinix Note 5 Access Control Error Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-16021"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-887"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "access control error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-887"
          }
        ],
        "trust": 0.6
      }
    }