VAR-201812-0118
Vulnerability from variot - Updated: 2024-11-23 22:06
The ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contains a pre-installed platform app with a package name of com.android.zte.hiddenmenu (versionCode=23, versionName=6.0.1) that contains an exported broadcast receiver app component named com.android.zte.hiddenmenu.CommandReceiver that is accessible to any app co-located on the device. This app component, when it receives a broadcast intent with a certain action string, will write a non-standard (i.e., not defined in Android Open Source Project (AOSP) code) command to the /cache/recovery/command file to be executed in recovery mode. Once the device boots into recovery mode, it will crash, boot into recovery mode, and crash again. This crash loop will keep repeating, which makes the device unusable. There is no way to boot into an alternate mode once the crash loop starts. The ZTE ZMAX Champ Android device contains a resource management vulnerability that may put the device into a denial-of-service (DoS) state. ZTE ZMAX is prone to the following security vulnerabilities: 1. An arbitrary command-execution vulnerability. 2. A denial-of-service vulnerability. An attacker can exploit these issues by enticing a legitimate user to use the vulnerable application, either to execute arbitrary commands or to cause an affected device to crash, denying service to legitimate users. ZTE ZMAX Champ is an Android-based smartphone from China's ZTE Corporation (ZTE).
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201812-0118",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "zmax champ",
"scope": "eq",
"trust": 1.1,
"vendor": "zte",
"version": "6.0.1"
},
{
"model": "zte zmax champ",
"scope": "eq",
"trust": 1.0,
"vendor": "zteusa",
"version": "6.0.1"
},
{
"model": "zmax zmax pro",
"scope": "eq",
"trust": 0.3,
"vendor": "zte",
"version": "6.0.1"
}
],
"sources": [
{
"db": "BID",
"id": "106361"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014556"
},
{
"db": "NVD",
"id": "CVE-2018-15006"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:zte:zte_zmax_champ_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014556"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kyrptowire",
"sources": [
{
"db": "BID",
"id": "106361"
}
],
"trust": 0.3
},
"cve": "CVE-2018-15006",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-15006",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "VHN-125222",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2018-15006",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-15006",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-15006",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201812-1260",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-125222",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125222"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014556"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-1260"
},
{
"db": "NVD",
"id": "CVE-2018-15006"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contains a pre-installed platform app with a package name of com.android.zte.hiddenmenu (versionCode=23, versionName=6.0.1) that contains an exported broadcast receiver app component named com.android.zte.hiddenmenu.CommandReceiver that is accessible to any app co-located on the device. This app component, when it receives a broadcast intent with a certain action string, will write a non-standard (i.e., not defined in Android Open Source Project (AOSP) code) command to the /cache/recovery/command file to be executed in recovery mode. Once the device boots into recovery mode, it will crash, boot into recovery mode, and crash again. This crash loop will keep repeating, which makes the device unusable. There is no way to boot into an alternate mode once the crash loop starts. ZTE ZMAX Champ Android The device contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. ZTE ZMAX is prone to the following security vulnerabilities:\n1. An arbitrary command-execution vulnerability\n2. A denial-of-service vulnerability\nAn attacker can exploit these issues by enticing a legitimate user to use the vulnerable application to execute arbitrary commands, to cause an affected device to crash, denying service to legitimate users. ZTE ZMAX Champ is a smartphone based on the Android platform of China\u0027s ZTE Corporation (ZTE)",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-15006"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014556"
},
{
"db": "BID",
"id": "106361"
},
{
"db": "VULHUB",
"id": "VHN-125222"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "106361",
"trust": 2.8
},
{
"db": "NVD",
"id": "CVE-2018-15006",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014556",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201812-1260",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-125222",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125222"
},
{
"db": "BID",
"id": "106361"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014556"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-1260"
},
{
"db": "NVD",
"id": "CVE-2018-15006"
}
]
},
"id": "VAR-201812-0118",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-125222"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:06:27.627000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.zte.com.cn/global/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014556"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-399",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125222"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014556"
},
{
"db": "NVD",
"id": "CVE-2018-15006"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/106361"
},
{
"trust": 2.5,
"url": "https://www.kryptowire.com/portal/wp-content/uploads/2018/12/defcon-26-johnson-and-stavrou-vulnerable-out-of-the-box-an-eval-of-android-carrier-devices-wp-updated.pdf"
},
{
"trust": 2.0,
"url": "https://www.kryptowire.com/portal/android-firmware-defcon-2018/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15006"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-15006"
},
{
"trust": 0.8,
"url": "https://www.kryptowire.com/android-firmware-defcon-2018/"
},
{
"trust": 0.3,
"url": "http://wwwen.zte.com.cn/en/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125222"
},
{
"db": "BID",
"id": "106361"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014556"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-1260"
},
{
"db": "NVD",
"id": "CVE-2018-15006"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-125222"
},
{
"db": "BID",
"id": "106361"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014556"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-1260"
},
{
"db": "NVD",
"id": "CVE-2018-15006"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-12-28T00:00:00",
"db": "VULHUB",
"id": "VHN-125222"
},
{
"date": "2018-12-28T00:00:00",
"db": "BID",
"id": "106361"
},
{
"date": "2019-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014556"
},
{
"date": "2018-12-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-1260"
},
{
"date": "2018-12-28T21:29:00.997000",
"db": "NVD",
"id": "CVE-2018-15006"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-125222"
},
{
"date": "2018-12-28T00:00:00",
"db": "BID",
"id": "106361"
},
{
"date": "2019-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014556"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-1260"
},
{
"date": "2024-11-21T03:50:20.447000",
"db": "NVD",
"id": "CVE-2018-15006"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-1260"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ZTE ZMAX Champ Android Vulnerabilities related to resource management in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014556"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-1260"
}
],
"trust": 0.6
}
}