ID

VAR-201812-0106


CVE

CVE-2018-14984


TITLE

Information disclosure vulnerability in Leagoo Z5C Android devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-014505

DESCRIPTION

The Leagoo Z5C Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a pre-installed app with a package name of com.android.messaging (versionCode=1000110, versionName=1.0.001, (android.20170630.092853-0)) with an exported broadcast receiver app component named com.android.messaging.trackersender.TrackerSender. Any app co-located on the device, even one with no permissions, can send a broadcast intent with certain embedded data to the exported broadcast receiver application component that will result in the programmatic sending of a text message where the phone number and body of the text message are controlled by the attacker. The Leagoo Z5C Android device contains an information disclosure vulnerability. Information may be tampered with. Leagoo Z5C is a smartphone based on the Android platform produced by Leagoo Malaysia.

Trust: 1.71

sources: NVD: CVE-2018-14984 // JVNDB: JVNDB-2018-014505 // VULHUB: VHN-125198

AFFECTED PRODUCTS

vendor: leagoo, model: z5c, scope: eq, version: -

Trust: 1.0

vendor: leagoo global, model: z5c, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2018-014505 // NVD: CVE-2018-14984

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-14984
value: HIGH

Trust: 1.0

NVD: CVE-2018-14984
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201812-1247
value: MEDIUM

Trust: 0.6

VULHUB: VHN-125198
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2018-14984
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-125198
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2018-14984
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-125198 // JVNDB: JVNDB-2018-014505 // CNNVD: CNNVD-201812-1247 // NVD: CVE-2018-14984

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-125198 // JVNDB: JVNDB-2018-014505 // NVD: CVE-2018-14984

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201812-1247

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014505

PATCH

title: Top Page, url: https://www.leagoo.com/

Trust: 0.8

sources: JVNDB: JVNDB-2018-014505

EXTERNAL IDS

db: NVD, id: CVE-2018-14984

Trust: 2.5

db: JVNDB, id: JVNDB-2018-014505

Trust: 0.8

db: CNNVD, id: CNNVD-201812-1247

Trust: 0.7

db: VULHUB, id: VHN-125198

Trust: 0.1

sources: VULHUB: VHN-125198 // JVNDB: JVNDB-2018-014505 // CNNVD: CNNVD-201812-1247 // NVD: CVE-2018-14984

REFERENCES

url:https://www.kryptowire.com/portal/wp-content/uploads/2018/12/defcon-26-johnson-and-stavrou-vulnerable-out-of-the-box-an-eval-of-android-carrier-devices-wp-updated.pdf

Trust: 2.5

url:https://www.kryptowire.com/portal/android-firmware-defcon-2018/

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14984

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-14984

Trust: 0.8

sources: VULHUB: VHN-125198 // JVNDB: JVNDB-2018-014505 // CNNVD: CNNVD-201812-1247 // NVD: CVE-2018-14984

SOURCES

db: VULHUB, id: VHN-125198
db: JVNDB, id: JVNDB-2018-014505
db: CNNVD, id: CNNVD-201812-1247
db: NVD, id: CVE-2018-14984

LAST UPDATE DATE

2024-11-23T23:08:32.659000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-125198, date: 2019-02-14T00:00:00
db: JVNDB, id: JVNDB-2018-014505, date: 2019-03-25T00:00:00
db: CNNVD, id: CNNVD-201812-1247, date: 2019-02-18T00:00:00
db: NVD, id: CVE-2018-14984, date: 2024-11-21T03:50:15.097

SOURCES RELEASE DATE

db: VULHUB, id: VHN-125198, date: 2018-12-28T00:00:00
db: JVNDB, id: JVNDB-2018-014505, date: 2019-03-25T00:00:00
db: CNNVD, id: CNNVD-201812-1247, date: 2018-12-29T00:00:00
db: NVD, id: CVE-2018-14984, date: 2018-12-28T21:29:00.307