Details of VAR-201911-0489

ID

VAR-201911-0489

CVE

CVE-2019-15420

TITLE

Blackview BV9000Pro-F Android Vulnerability related to externally controllable references to other domain resources on devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-012362

DESCRIPTION

The Blackview BV9000Pro-F Android device with a build fingerprint of Blackview/BV9000Pro-F/BV9000Pro-F:7.1.1/N4F26M/1514363110:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. Blackview BV9000Pro-F Android The device is vulnerable to an externally controllable reference to another realm resource.Information may be tampered with. Blackview BV9000Pro-F is a smart phone from Blackview, Hong Kong, China. The com.mediatek.factorymode app in Blackview BV9000Pro-F (build fingerprint: Blackview / BV9000Pro-F / BV9000Pro-F: 7.1.1 / N4F26M / 1514363110: user / release-keys) has a security vulnerability. This vulnerability could be used by an attacker to unauthorizedly modify wireless settings by other applications on the device

Trust: 2.16

sources: NVD: CVE-2019-15420 // JVNDB: JVNDB-2019-012362 // CNVD: CNVD-2019-46412

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-46412

AFFECTED PRODUCTS

vendor:	blackview	model:	bv9000pro-f	scope:	eq	version:	-	Trust: 2.2
vendor:	blackview	model:	bv9000pro-f	scope:	-	version:	-	Trust: 1.4

sources: CNVD: CNVD-2019-46412 // JVNDB: JVNDB-2019-012362 // CNNVD: CNNVD-201911-923 // NVD: CVE-2019-15420

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-15420
value:	LOW
Trust: 1.0
NVD:	CVE-2019-15420
value:	LOW
Trust: 0.8
CNVD:	CNVD-2019-46412
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-201911-923
value:	LOW
Trust: 0.6

nvd@nist.gov:	CVE-2019-15420
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-46412
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-15420
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2019-15420
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2019-46412 // JVNDB: JVNDB-2019-012362 // CNNVD: CNNVD-201911-923 // NVD: CVE-2019-15420

PROBLEMTYPE DATA

problemtype:

CWE-610

Trust: 1.8

sources: JVNDB: JVNDB-2019-012362 // NVD: CVE-2019-15420

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201911-923

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201911-923

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-012362

PATCH

title:

Top Page

url:

https://www.blackview.hk/

Trust: 0.8

sources: JVNDB: JVNDB-2019-012362

EXTERNAL IDS

db:	NVD	id:	CVE-2019-15420	Trust: 3.0
db:	JVNDB	id:	JVNDB-2019-012362	Trust: 0.8
db:	CNVD	id:	CNVD-2019-46412	Trust: 0.6
db:	CNNVD	id:	CNNVD-201911-923	Trust: 0.6

sources: CNVD: CNVD-2019-46412 // JVNDB: JVNDB-2019-012362 // CNNVD: CNNVD-201911-923 // NVD: CVE-2019-15420

REFERENCES

url:	https://www.kryptowire.com/android-firmware-2019/	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-15420	Trust: 2.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15420	Trust: 0.8

sources: CNVD: CNVD-2019-46412 // JVNDB: JVNDB-2019-012362 // CNNVD: CNNVD-201911-923 // NVD: CVE-2019-15420

SOURCES

db:	CNVD	id:	CNVD-2019-46412
db:	JVNDB	id:	JVNDB-2019-012362
db:	CNNVD	id:	CNNVD-201911-923
db:	NVD	id:	CVE-2019-15420

LAST UPDATE DATE

2024-11-23T22:41:18.206000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-46412	date:	2019-12-20T00:00:00
db:	JVNDB	id:	JVNDB-2019-012362	date:	2019-11-29T00:00:00
db:	CNNVD	id:	CNNVD-201911-923	date:	2019-11-27T00:00:00
db:	NVD	id:	CVE-2019-15420	date:	2024-11-21T04:28:41.340

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-46412	date:	2019-12-20T00:00:00
db:	JVNDB	id:	JVNDB-2019-012362	date:	2019-11-29T00:00:00
db:	CNNVD	id:	CNNVD-201911-923	date:	2019-11-14T00:00:00
db:	NVD	id:	CVE-2019-15420	date:	2019-11-14T17:15:21.147