ID
VAR-201611-0412
TITLE
Multiple mtk platform mobile phone Guangsheng FOTA service has system privilege elevation vulnerability (Succubus vulnerability)
Trust: 0.6
DESCRIPTION
Shanghai Guangsheng Information Technology Co., Ltd. is a leading global provider of terminal management cloud platforms. FOTA (Wireless Upgrade) provides professional wireless upgrade solutions for IoT devices (smart cars, wearables, homes, VR, etc.). A number of mtk platform mobile phone Guangsheng FOTA services have system privilege elevation vulnerabilities. Because the mobile phone using the Guangsheng FOTA service has a vulnerability in the system app of a certain binding service, it is possible to execute commands with system permissions. An attacker could exploit the vulnerability to elevate permissions to system permissions.
Trust: 0.6
IOT TAXONOMY
| category: | ['IoT'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | guangsheng information | model: | fota service | scope: | - | version: | - | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||
|
|
PATCH
| title: | Multiple mtk platform mobile phone Guangsheng FOTA service has a system permission elevation vulnerability patch | url: | https://www.cnvd.org.cn/patchinfo/show/84127 | Trust: 0.6 |
EXTERNAL IDS
| db: | CNVD | id: | CNVD-2016-11347 | Trust: 0.6 |
SOURCES
| db: | CNVD | id: | CNVD-2016-11347 |
LAST UPDATE DATE
2022-05-04T09:57:01.297000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2016-11347 | date: | 2016-11-24T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2016-11347 | date: | 2016-11-21T00:00:00 |