Sign-up

ID

VAR-201808-1006


CVE

CVE-2018-6598


TITLE

Orbic Wonder RC555L Vulnerabilities related to authorization, authority, and access control in devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-009599

DESCRIPTION

An issue was discovered on Orbic Wonder Orbic/RC555L/RC555L:7.1.2/N2G47H/329100b:user/release-keys devices. Any app co-located on the device can send an intent to factory reset the device programmatically because of com.android.server.MasterClearReceiver. This does not require any user interaction and does not require any permission to perform. A factory reset will remove all user data from the device. This will result in the loss of any data that the user has not backed up or synced externally. This capability to perform a factory reset is not directly available to third-party apps (those that the user installs themselves), although this capability is present in an unprotected component of the Android OS. This vulnerability is not present in Google's Android Open Source Project (AOSP) code. Therefore, it was introduced by Orbic or another entity in the supply chain. Orbic Wonder RC555L Devices have vulnerabilities related to authorization, permissions, and access control.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. Orbic Wonder is a smart phone product of Orbic Company in the United States. Orbic/RC555L/RC555L by Orbic Wonder: 7.1.2/N2G47H/329100b: A security vulnerability exists in user/release-keys

Trust: 1.71

sources: NVD: CVE-2018-6598 // JVNDB: JVNDB-2018-009599 // VULHUB: VHN-136630

AFFECTED PRODUCTS

vendor:orbicmodel:wonder rc555lscope:eqversion:7.1.2

Trust: 1.6

vendor:orbicmodel:wonder rc555lscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2018-009599 // CNNVD: CNNVD-201808-916 // NVD: CVE-2018-6598

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-6598
value: HIGH

Trust: 1.0

NVD: CVE-2018-6598
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201808-916
value: HIGH

Trust: 0.6

VULHUB: VHN-136630
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-6598
severity: MEDIUM
baseScore: 5.6
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-136630
severity: MEDIUM
baseScore: 5.6
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-6598
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.2
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-136630 // JVNDB: JVNDB-2018-009599 // CNNVD: CNNVD-201808-916 // NVD: CVE-2018-6598

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.1

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-136630 // JVNDB: JVNDB-2018-009599 // NVD: CVE-2018-6598

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201808-916

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201808-916

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-009599

PATCH
title:Wonderurl:http://www.orbic.us/phones/details/10
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-009599

EXTERNAL IDS
db:NVDid:CVE-2018-6598
Trust: 2.5
db:JVNDBid:JVNDB-2018-009599
Trust: 0.8
db:CNNVDid:CNNVD-201808-916
Trust: 0.7
db:VULHUBid:VHN-136630
Trust: 0.1
sources:
            
            
            VULHUB: VHN-136630 // 
            
            
            
            JVNDB: JVNDB-2018-009599 // 
            
            
            
            CNNVD: CNNVD-201808-916 // 
            
            
            
            NVD: CVE-2018-6598

REFERENCES
url:https://www.kryptowire.com/portal/android-firmware-defcon-2018/
Trust: 2.5
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6598
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-6598
Trust: 0.8
sources:
            
            
            VULHUB: VHN-136630 // 
            
            
            
            JVNDB: JVNDB-2018-009599 // 
            
            
            
            CNNVD: CNNVD-201808-916 // 
            
            
            
            NVD: CVE-2018-6598

SOURCES
db:VULHUBid:VHN-136630
db:JVNDBid:JVNDB-2018-009599
db:CNNVDid:CNNVD-201808-916
db:NVDid:CVE-2018-6598

LAST UPDATE DATE
2024-11-23T21:52:50.933000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-136630date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-009599date:2018-11-22T00:00:00
db:CNNVDid:CNNVD-201808-916date:2019-10-23T00:00:00
db:NVDid:CVE-2018-6598date:2024-11-21T04:10:58.333

SOURCES RELEASE DATE
db:VULHUBid:VHN-136630date:2018-08-29T00:00:00
db:JVNDBid:JVNDB-2018-009599date:2018-11-22T00:00:00
db:CNNVDid:CNNVD-201808-916date:2018-08-30T00:00:00
db:NVDid:CVE-2018-6598date:2018-08-29T19:29:01.123