Sign-up

ID

VAR-201911-0501


CVE

CVE-2019-15336


TITLE

Lava Z61 Turbo Android Vulnerability with improper permission assignment to critical resources on devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-012255

DESCRIPTION

The Lava Z61 Turbo Android device with a build fingerprint of LAVA/Z61_Turbo/Z61_Turbo:8.1.0/O11019/1536917928:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.31) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. Lava Z61 Turbo Android Devices are vulnerable to improper assignment of permissions to critical resources.Information may be tampered with. Lava Z61 Turbo is a smartphone from Lava company in India. Lava Z61 Turbo has an unknown vulnerability. An attacker could use this vulnerability to unauthorizedly switch Wi-Fi on

Trust: 2.16

sources: NVD: CVE-2019-15336 // JVNDB: JVNDB-2019-012255 // CNVD: CNVD-2020-14801

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-14801

AFFECTED PRODUCTS

vendor:lavamobilesmodel:z61scope:eqversion: -

Trust: 2.2

vendor:lavamodel:z61scope: - version: -

Trust: 0.8

vendor:lavamodel:z61 turboscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-14801 // JVNDB: JVNDB-2019-012255 // CNNVD: CNNVD-201911-832 // NVD: CVE-2019-15336

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15336
value: LOW

Trust: 1.0

NVD: CVE-2019-15336
value: LOW

Trust: 0.8

CNVD: CNVD-2020-14801
value: LOW

Trust: 0.6

CNNVD: CNNVD-201911-832
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-15336
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-14801
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-15336
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2019-15336
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-14801 // JVNDB: JVNDB-2019-012255 // CNNVD: CNNVD-201911-832 // NVD: CVE-2019-15336

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.8

sources: JVNDB: JVNDB-2019-012255 // NVD: CVE-2019-15336

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201911-832

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201911-832

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-012255

PATCH
title:Z61url:https://www.lavamobiles.com/smartphone/z61
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-012255

EXTERNAL IDS
db:NVDid:CVE-2019-15336
Trust: 3.0
db:JVNDBid:JVNDB-2019-012255
Trust: 0.8
db:CNVDid:CNVD-2020-14801
Trust: 0.6
db:CNNVDid:CNNVD-201911-832
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-14801 // 
            
            
            
            JVNDB: JVNDB-2019-012255 // 
            
            
            
            CNNVD: CNNVD-201911-832 // 
            
            
            
            NVD: CVE-2019-15336

REFERENCES
url:https://www.kryptowire.com/android-firmware-2019/
Trust: 2.4
url:https://nvd.nist.gov/vuln/detail/cve-2019-15336
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15336
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-14801 // 
            
            
            
            JVNDB: JVNDB-2019-012255 // 
            
            
            
            CNNVD: CNNVD-201911-832 // 
            
            
            
            NVD: CVE-2019-15336

SOURCES
db:CNVDid:CNVD-2020-14801
db:JVNDBid:JVNDB-2019-012255
db:CNNVDid:CNNVD-201911-832
db:NVDid:CVE-2019-15336

LAST UPDATE DATE
2024-11-23T23:04:35.921000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-14801date:2020-03-01T00:00:00
db:JVNDBid:JVNDB-2019-012255date:2019-11-27T00:00:00
db:CNNVDid:CNNVD-201911-832date:2019-12-02T00:00:00
db:NVDid:CVE-2019-15336date:2024-11-21T04:28:29.060

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-14801date:2020-03-01T00:00:00
db:JVNDBid:JVNDB-2019-012255date:2019-11-27T00:00:00
db:CNNVDid:CNNVD-201911-832date:2019-11-14T00:00:00
db:NVDid:CVE-2019-15336date:2019-11-14T17:15:15.083