Sign-up

ID

VAR-201911-0499


CVE

CVE-2019-15334


TITLE

Lava Iris 88 Go Android Vulnerability with improper permission assignment to critical resources on devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-012228

DESCRIPTION

The Lava Iris 88 Go Android device with a build fingerprint of LAVA/iris88_go/iris88_go:8.1.0/O11019/1538188945:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. Lava Iris 88 Go Android Devices are vulnerable to improper assignment of permissions to critical resources.Information may be tampered with. Lava Iris 88 Go is a smartphone from Lava, India. Lava Iris 88 Go has an unknown vulnerability. An attacker could use this vulnerability to unauthorizedly switch Wi-Fi on

Trust: 2.25

sources: NVD: CVE-2019-15334 // JVNDB: JVNDB-2019-012228 // CNVD: CNVD-2020-16014 // VULMON: CVE-2019-15334

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-16014

AFFECTED PRODUCTS

vendor:lavamobilesmodel:iris 88scope:eqversion: -

Trust: 2.2

vendor:lavamodel:iris 88scope: - version: -

Trust: 0.8

vendor:lavamodel:iris goscope:eqversion:88

Trust: 0.6

sources: CNVD: CNVD-2020-16014 // JVNDB: JVNDB-2019-012228 // CNNVD: CNNVD-201911-830 // NVD: CVE-2019-15334

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15334
value: LOW

Trust: 1.0

NVD: CVE-2019-15334
value: LOW

Trust: 0.8

CNVD: CNVD-2020-16014
value: LOW

Trust: 0.6

CNNVD: CNNVD-201911-830
value: MEDIUM

Trust: 0.6

VULMON: CVE-2019-15334
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-15334
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2020-16014
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-15334
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2019-15334
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-16014 // VULMON: CVE-2019-15334 // JVNDB: JVNDB-2019-012228 // CNNVD: CNNVD-201911-830 // NVD: CVE-2019-15334

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.8

sources: JVNDB: JVNDB-2019-012228 // NVD: CVE-2019-15334

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201911-830

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201911-830

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-012228

PATCH
title:iris 88url:https://www.lavainternational.com/en/product/iris88.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-012228

EXTERNAL IDS
db:NVDid:CVE-2019-15334
Trust: 3.1
db:JVNDBid:JVNDB-2019-012228
Trust: 0.8
db:CNVDid:CNVD-2020-16014
Trust: 0.6
db:CNNVDid:CNNVD-201911-830
Trust: 0.6
db:VULMONid:CVE-2019-15334
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-16014 // 
            
            
            
            VULMON: CVE-2019-15334 // 
            
            
            
            JVNDB: JVNDB-2019-012228 // 
            
            
            
            CNNVD: CNNVD-201911-830 // 
            
            
            
            NVD: CVE-2019-15334

REFERENCES
url:https://www.kryptowire.com/android-firmware-2019/
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2019-15334
Trust: 1.2
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15334
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-15334\\
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/732.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-16014 // 
            
            
            
            VULMON: CVE-2019-15334 // 
            
            
            
            JVNDB: JVNDB-2019-012228 // 
            
            
            
            CNNVD: CNNVD-201911-830 // 
            
            
            
            NVD: CVE-2019-15334

SOURCES
db:CNVDid:CNVD-2020-16014
db:VULMONid:CVE-2019-15334
db:JVNDBid:JVNDB-2019-012228
db:CNNVDid:CNNVD-201911-830
db:NVDid:CVE-2019-15334

LAST UPDATE DATE
2024-11-23T22:11:46.616000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-16014date:2020-03-08T00:00:00
db:VULMONid:CVE-2019-15334date:2019-11-22T00:00:00
db:JVNDBid:JVNDB-2019-012228date:2019-11-27T00:00:00
db:CNNVDid:CNNVD-201911-830date:2019-12-02T00:00:00
db:NVDid:CVE-2019-15334date:2024-11-21T04:28:28.777

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-16014date:2020-03-08T00:00:00
db:VULMONid:CVE-2019-15334date:2019-11-14T00:00:00
db:JVNDBid:JVNDB-2019-012228date:2019-11-27T00:00:00
db:CNNVDid:CNNVD-201911-830date:2019-11-14T00:00:00
db:NVDid:CVE-2019-15334date:2019-11-14T17:15:14.960