ID

VAR-201911-0498


CVE

CVE-2019-15333


TITLE

Improper permission assignment for critical resources in Lava Flair Z1 Android devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-012233

DESCRIPTION

The Lava Flair Z1 Android device with a build fingerprint of LAVA/Z1/Z1:8.1.0/O11019/1536680131:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. Lava Flair Z1 Android devices are vulnerable to improper assignment of permissions to critical resources. Information may be tampered with. Lava Flair Z1 is a smartphone from the Indian company Lava. Lava Flair Z1 has an unknown vulnerability. An attacker could use this vulnerability to unauthorizedly switch Wi-Fi on

Trust: 2.16

sources: NVD: CVE-2019-15333 // JVNDB: JVNDB-2019-012233 // CNVD: CNVD-2020-14800

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-14800

AFFECTED PRODUCTS

vendor: lavamobiles, model: flair z1, scope: eq, version: -

Trust: 2.2

vendor: lava, model: flair z1, scope: -, version: -

Trust: 1.4

sources: CNVD: CNVD-2020-14800 // JVNDB: JVNDB-2019-012233 // CNNVD: CNNVD-201911-829 // NVD: CVE-2019-15333

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15333
value: LOW

Trust: 1.0

NVD: CVE-2019-15333
value: LOW

Trust: 0.8

CNVD: CNVD-2020-14800
value: LOW

Trust: 0.6

CNNVD: CNNVD-201911-829
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-15333
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-14800
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-15333
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2019-15333
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-14800 // JVNDB: JVNDB-2019-012233 // CNNVD: CNNVD-201911-829 // NVD: CVE-2019-15333

PROBLEMTYPE DATA

problemtype: CWE-732

Trust: 1.8

sources: JVNDB: JVNDB-2019-012233 // NVD: CVE-2019-15333

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201911-829

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201911-829

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-012233

PATCH

title: Lava Flair Z1, url: https://www.lavamobiles.com/smartphones/flair-z1

Trust: 0.8

sources: JVNDB: JVNDB-2019-012233

EXTERNAL IDS

db: NVD, id: CVE-2019-15333

Trust: 3.0

db: JVNDB, id: JVNDB-2019-012233

Trust: 0.8

db: CNVD, id: CNVD-2020-14800

Trust: 0.6

db: CNNVD, id: CNNVD-201911-829

Trust: 0.6

sources: CNVD: CNVD-2020-14800 // JVNDB: JVNDB-2019-012233 // CNNVD: CNNVD-201911-829 // NVD: CVE-2019-15333

REFERENCES

url: https://www.kryptowire.com/android-firmware-2019/

Trust: 2.4

url: https://nvd.nist.gov/vuln/detail/cve-2019-15333

Trust: 1.2

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15333

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2019-15333

Trust: 0.8

sources: CNVD: CNVD-2020-14800 // JVNDB: JVNDB-2019-012233 // CNNVD: CNNVD-201911-829 // NVD: CVE-2019-15333

SOURCES

db: CNVD, id: CNVD-2020-14800
db: JVNDB, id: JVNDB-2019-012233
db: CNNVD, id: CNNVD-201911-829
db: NVD, id: CVE-2019-15333

LAST UPDATE DATE

2024-11-23T23:11:38.138000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-14800, date: 2020-03-01T00:00:00
db: JVNDB, id: JVNDB-2019-012233, date: 2019-11-27T00:00:00
db: CNNVD, id: CNNVD-201911-829, date: 2019-12-02T00:00:00
db: NVD, id: CVE-2019-15333, date: 2024-11-21T04:28:28.630

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-14800, date: 2020-03-01T00:00:00
db: JVNDB, id: JVNDB-2019-012233, date: 2019-11-27T00:00:00
db: CNNVD, id: CNNVD-201911-829, date: 2019-11-14T00:00:00
db: NVD, id: CVE-2019-15333, date: 2019-11-14T17:15:14.913