Sign-up

ID

VAR-201701-0484


CVE

CVE-2016-10139


TITLE

BLU R1 HD Run on device Adups FOTA of com.adups.fota and com.adups.fota.sysoper Vulnerabilities to which privileges are granted

Trust: 0.8

sources: JVNDB: JVNDB-2016-006986

DESCRIPTION

An issue was discovered on BLU R1 HD devices with Shanghai Adups software. The two package names involved in the exfiltration are com.adups.fota and com.adups.fota.sysoper. In the com.adups.fota.sysoper app's AndroidManifest.xml file, it sets the android:sharedUserId attribute to a value of android.uid.system which makes it execute as the system user, which is a very privileged user on the device. Therefore, the app executing as the system user has been granted a number of powerful permissions even though they are not present in the com.adups.fota.sysoper app's AndroidManifest.xml file. This app provides the com.adups.fota app access to the user's call log, text messages, and various device identifiers through the com.adups.fota.sysoper.provider.InfoProvider component. The com.adups.fota app uses timestamps when it runs and is eligible to exfiltrate the user's PII every 72 hours. If 72 hours have passed since the value of the timestamp, then the exfiltration will be triggered by the user plugging in the device to charge or when they leave or enter a wireless network. The exfiltration occurs in the background without any user interaction. Adups Fota is a professional wireless upgrade solution for Shanghai IoT Technology Co., Ltd. (Adups) for IoT devices (smart cars, wearables, homes, VR, etc.). Adups has multiple local privilege escalation vulnerabilities. An attacker could use this vulnerability to elevate privileges. Local attackers can exploit these issues to gain elevated privileges

Trust: 2.43

sources: NVD: CVE-2016-10139 // JVNDB: JVNDB-2016-006986 // CNVD: CNVD-2017-03642 // BID: 96858

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-03642

AFFECTED PRODUCTS

vendor:adupsmodel:fotascope:eqversion: -

Trust: 1.6

vendor:adupsmodel:fotascope:eqversion:0

Trust: 0.9

vendor:adupsmodel:fotascope: - version: -

Trust: 0.8

vendor:blumodel:r1 hdscope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2017-03642 // BID: 96858 // JVNDB: JVNDB-2016-006986 // CNNVD: CNNVD-201701-362 // NVD: CVE-2016-10139

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-10139
value: HIGH

Trust: 1.0

NVD: CVE-2016-10139
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-03642
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201701-362
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2016-10139
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-03642
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2016-10139
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-03642 // JVNDB: JVNDB-2016-006986 // CNNVD: CNNVD-201701-362 // NVD: CVE-2016-10139

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.8

sources: JVNDB: JVNDB-2016-006986 // NVD: CVE-2016-10139

THREAT TYPE

local

Trust: 0.9

sources: BID: 96858 // CNNVD: CNNVD-201701-362

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201701-362

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-006986

PATCH
title:Top Pageurl:http://www.adups.com/index.php
Trust: 0.8
title:BLU R1 HD Adups Fota Fixes for encryption problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75145
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2016-006986 // 
            
            
            
            CNNVD: CNNVD-201701-362

EXTERNAL IDS
db:NVDid:CVE-2016-10139
Trust: 3.3
db:BIDid:96858
Trust: 1.9
db:JVNDBid:JVNDB-2016-006986
Trust: 0.8
db:CNVDid:CNVD-2017-03642
Trust: 0.6
db:CNNVDid:CNNVD-201701-362
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-03642 // 
            
            
            
            BID: 96858 // 
            
            
            
            JVNDB: JVNDB-2016-006986 // 
            
            
            
            CNNVD: CNNVD-201701-362 // 
            
            
            
            NVD: CVE-2016-10139

REFERENCES
url:https://www.kryptowire.com/adups_security_analysis.html
Trust: 2.7
url:https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html
Trust: 1.9
url:http://www.securityfocus.com/bid/96858
Trust: 1.6
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-10139
Trust: 1.4
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10139
Trust: 0.8
url:https://www.adups.com/index.php
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-03642 // 
            
            
            
            BID: 96858 // 
            
            
            
            JVNDB: JVNDB-2016-006986 // 
            
            
            
            CNNVD: CNNVD-201701-362 // 
            
            
            
            NVD: CVE-2016-10139

CREDITS
Kryptowire
Trust: 0.3
sources:
            
            
            BID: 96858

SOURCES
db:CNVDid:CNVD-2017-03642
db:BIDid:96858
db:JVNDBid:JVNDB-2016-006986
db:CNNVDid:CNNVD-201701-362
db:NVDid:CVE-2016-10139

LAST UPDATE DATE
2025-04-20T23:33:02.488000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-03642date:2017-03-29T00:00:00
db:BIDid:96858date:2017-03-16T01:02:00
db:JVNDBid:JVNDB-2016-006986date:2017-02-06T00:00:00
db:CNNVDid:CNNVD-201701-362date:2017-10-09T00:00:00
db:NVDid:CVE-2016-10139date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-03642date:2017-03-27T00:00:00
db:BIDid:96858date:2017-01-13T00:00:00
db:JVNDBid:JVNDB-2016-006986date:2017-02-06T00:00:00
db:CNNVDid:CNNVD-201701-362date:2017-01-13T00:00:00
db:NVDid:CVE-2016-10139date:2017-01-13T09:59:00.310