ID

VAR-201911-0503


CVE

CVE-2019-15338


TITLE

Improper permission assignment to critical resources on Lava Iris 88 Lite Android devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-012257

DESCRIPTION

The Lava Iris 88 Lite Android device with a build fingerprint of LAVA/iris88_lite/iris88_lite:8.1.0/O11019/1536323070:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. Lava Iris 88 Lite Android devices are vulnerable to improper assignment of permissions to critical resources. Information may be tampered with. Lava Iris 88 Lite is a smartphone from Lava, India. Lava Iris 88 Lite has an unknown vulnerability. An attacker could use this vulnerability, without authorization, to switch Wi-Fi on

Trust: 2.16

sources: NVD: CVE-2019-15338 // JVNDB: JVNDB-2019-012257 // CNVD: CNVD-2020-14786

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-14786

AFFECTED PRODUCTS

vendor: lavamobiles, model: iris 88, scope: eq, version: -

Trust: 2.2

vendor: lava, model: iris 88, scope: -, version: -

Trust: 0.8

vendor: lava, model: iris lite, scope: eq, version: 88

Trust: 0.6

sources: CNVD: CNVD-2020-14786 // JVNDB: JVNDB-2019-012257 // CNNVD: CNNVD-201911-834 // NVD: CVE-2019-15338

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15338
value: LOW

Trust: 1.0

NVD: CVE-2019-15338
value: LOW

Trust: 0.8

CNVD: CNVD-2020-14786
value: LOW

Trust: 0.6

CNNVD: CNNVD-201911-834
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-15338
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-14786
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-15338
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2019-15338
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-14786 // JVNDB: JVNDB-2019-012257 // CNNVD: CNNVD-201911-834 // NVD: CVE-2019-15338

PROBLEMTYPE DATA

problemtype: CWE-732

Trust: 1.8

sources: JVNDB: JVNDB-2019-012257 // NVD: CVE-2019-15338

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201911-834

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201911-834

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-012257

PATCH

title: iris 88, url: https://www.lavainternational.com/en/product/iris88.html

Trust: 0.8

sources: JVNDB: JVNDB-2019-012257

EXTERNAL IDS

db: NVD, id: CVE-2019-15338

Trust: 3.0

db: JVNDB, id: JVNDB-2019-012257

Trust: 0.8

db: CNVD, id: CNVD-2020-14786

Trust: 0.6

db: CNNVD, id: CNNVD-201911-834

Trust: 0.6

sources: CNVD: CNVD-2020-14786 // JVNDB: JVNDB-2019-012257 // CNNVD: CNNVD-201911-834 // NVD: CVE-2019-15338

REFERENCES

url: https://www.kryptowire.com/android-firmware-2019/

Trust: 2.4

url: https://nvd.nist.gov/vuln/detail/cve-2019-15338

Trust: 2.0

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15338

Trust: 0.8

sources: CNVD: CNVD-2020-14786 // JVNDB: JVNDB-2019-012257 // CNNVD: CNNVD-201911-834 // NVD: CVE-2019-15338

SOURCES

db: CNVD, id: CNVD-2020-14786
db: JVNDB, id: JVNDB-2019-012257
db: CNNVD, id: CNNVD-201911-834
db: NVD, id: CVE-2019-15338

LAST UPDATE DATE

2024-11-23T22:21:24.669000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-14786, date: 2020-03-01T00:00:00
db: JVNDB, id: JVNDB-2019-012257, date: 2019-11-27T00:00:00
db: CNNVD, id: CNNVD-201911-834, date: 2019-12-02T00:00:00
db: NVD, id: CVE-2019-15338, date: 2024-11-21T04:28:29.357

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-14786, date: 2020-03-01T00:00:00
db: JVNDB, id: JVNDB-2019-012257, date: 2019-11-27T00:00:00
db: CNNVD, id: CNNVD-201911-834, date: 2019-11-14T00:00:00
db: NVD, id: CVE-2019-15338, date: 2019-11-14T17:15:15.210