ID

VAR-201911-0582


CVE

CVE-2019-15466


TITLE

Xiaomi Redmi 6 Pro access control error vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-27288 // CNNVD: CNNVD-201911-970

DESCRIPTION

The Xiaomi Redmi 6 Pro Android device with a build fingerprint of xiaomi/sakura_india/sakura_india:8.1.0/OPM1.171019.019/V10.2.6.0.ODMMIXM:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=QL1715_201812191721) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. Xiaomi Redmi 6 Pro Android The device is vulnerable to an externally controllable reference to another area resource.Information may be altered. Xiaomi Redmi 6 Pro is a smartphone from the Chinese company Xiaomi. The com.huaqin.factory app in Xiaomi Redmi 6 Pro (build fingerprint: xiaomi/sakura_india/sakura_india:8.1.0/OPM1.171019.019/V10.2.6.0.ODMMIXM:user/release-keys) has an access control error vulnerability. The vulnerability stems from the network system or product improperly restricting access to resources from unauthorized roles. No detailed vulnerability details are currently provided

Trust: 2.25

sources: NVD: CVE-2019-15466 // JVNDB: JVNDB-2019-012139 // CNVD: CNVD-2020-27288 // VULMON: CVE-2019-15466

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-27288

AFFECTED PRODUCTS

vendor:mimodel:redmi 6 proscope:eqversion: -

Trust: 2.2

vendor:xiaomimodel:redmi 6 proscope: - version: -

Trust: 0.8

vendor:xiaomimodel:redmi proscope:eqversion:6

Trust: 0.6

sources: CNVD: CNVD-2020-27288 // JVNDB: JVNDB-2019-012139 // CNNVD: CNNVD-201911-970 // NVD: CVE-2019-15466

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15466
value: LOW

Trust: 1.0

NVD: CVE-2019-15466
value: LOW

Trust: 0.8

CNVD: CNVD-2020-27288
value: LOW

Trust: 0.6

CNNVD: CNNVD-201911-970
value: MEDIUM

Trust: 0.6

VULMON: CVE-2019-15466
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-15466
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2020-27288
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-15466
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2019-15466
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-27288 // VULMON: CVE-2019-15466 // JVNDB: JVNDB-2019-012139 // CNNVD: CNNVD-201911-970 // NVD: CVE-2019-15466

PROBLEMTYPE DATA

problemtype:CWE-610

Trust: 1.8

sources: JVNDB: JVNDB-2019-012139 // NVD: CVE-2019-15466

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201911-970

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201911-970

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-012139

PATCH

title:Redmi 6 Prourl:https://www.mi.com/in/redmi-6-pro/

Trust: 0.8

sources: JVNDB: JVNDB-2019-012139

EXTERNAL IDS

db:NVDid:CVE-2019-15466

Trust: 3.1

db:JVNDBid:JVNDB-2019-012139

Trust: 0.8

db:CNVDid:CNVD-2020-27288

Trust: 0.6

db:CNNVDid:CNNVD-201911-970

Trust: 0.6

db:VULMONid:CVE-2019-15466

Trust: 0.1

sources: CNVD: CNVD-2020-27288 // VULMON: CVE-2019-15466 // JVNDB: JVNDB-2019-012139 // CNNVD: CNNVD-201911-970 // NVD: CVE-2019-15466

REFERENCES

url:https://www.kryptowire.com/android-firmware-2019/

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-15466

Trust: 2.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15466

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/610.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2020-27288 // VULMON: CVE-2019-15466 // JVNDB: JVNDB-2019-012139 // CNNVD: CNNVD-201911-970 // NVD: CVE-2019-15466

SOURCES

db:CNVDid:CNVD-2020-27288
db:VULMONid:CVE-2019-15466
db:JVNDBid:JVNDB-2019-012139
db:CNNVDid:CNNVD-201911-970
db:NVDid:CVE-2019-15466

LAST UPDATE DATE

2024-11-23T22:37:36.455000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-27288date:2021-02-23T00:00:00
db:VULMONid:CVE-2019-15466date:2019-11-20T00:00:00
db:JVNDBid:JVNDB-2019-012139date:2019-11-26T00:00:00
db:CNNVDid:CNNVD-201911-970date:2019-12-02T00:00:00
db:NVDid:CVE-2019-15466date:2024-11-21T04:28:47.987

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-27288date:2020-05-09T00:00:00
db:VULMONid:CVE-2019-15466date:2019-11-14T00:00:00
db:JVNDBid:JVNDB-2019-012139date:2019-11-26T00:00:00
db:CNNVDid:CNNVD-201911-970date:2019-11-14T00:00:00
db:NVDid:CVE-2019-15466date:2019-11-14T17:15:24.130