Sign-up

ID

VAR-201506-0569


TITLE

Nubia Z7 Mobile Local Denial of Service Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2015-04127

DESCRIPTION

There is an unprotected broadcast receiver in the built-in application cn.nubia.factory of ZTE Nubia Z7 series mobile phone system cn.nubia.factory.service.FactoryResetReciver, a local malicious user does not need any Android permissions to send a malicious broadcast to the broadcast receiver. Without manual intervention, it can cause the Android system to format the external storage SD card. Clear all user data, restore factory settings, and restart the phone.

Trust: 0.6

sources: CNVD: CNVD-2015-04127

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-04127

AFFECTED PRODUCTS

vendor: - model:zte mobile communication co. ltd.nubia z7 androidscope:eqversion:4.4.2

Trust: 0.6

vendor: - model:zte mobile communications co. ltd.nubia z7 uiscope:eqversion:v14.12.20

Trust: 0.6

sources: CNVD: CNVD-2015-04127

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2015-04127
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2015-04127
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2015-04127

PATCH

title:Nubia z7 phone has a local denial of service vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/58285

Trust: 0.6

sources: CNVD: CNVD-2015-04127

EXTERNAL IDS

db:CNVDid:CNVD-2015-04127

Trust: 0.6

sources: CNVD: CNVD-2015-04127

SOURCES

db:CNVDid:CNVD-2015-04127

LAST UPDATE DATE

2022-05-04T09:57:09.691000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2015-04127date:2015-07-01T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2015-04127date:2015-06-29T00:00:00