VARIoT IoT vulnerabilities database

VAR-201901-1699 No CVE File upload vulnerability in Baidu WebUploader component
CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
WebUploader is a simple, modern file upload component developed by the Baidu WebFE (FEX) team. It is mainly based on HTML5 and supplemented by Flash. A file upload vulnerability exists in the Baidu WebUploader component. The vulnerability is caused by the WebUploader upload page's lax filtering of file types or file extensions. Attackers can exploit the vulnerability to upload script files, either directly or after a simple bypass, execute system commands, and obtain website server permissions.
VAR-201901-1692 No CVE Lenovo LJ1680 Home Edition (Win7 64bit) has a memory corruption vulnerability
CVSS V2: 2.1
CVSS V3: -
Severity: LOW
LJ1680 Home Edition is a black and white laser printer with a black and white print speed of 16ppm and a maximum resolution of 1200x1200dpi. Lenovo LJ1680 Home Edition (Win7 64bit) has a memory corruption vulnerability. The vulnerability is due to the SSPORT.sys driver failing to properly check input parameters when processing IO request 0x9C402408. An attacker could exploit the vulnerability to cause memory write corruption and cause the operating system to crash.
VAR-201901-1453 CVE-2018-8827 Technicolor MediaAccess TG789vac v2 HP Device Cross-Site Scripting Vulnerability
CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
The admin web interface on Technicolor MediaAccess TG789vac v2 HP devices with firmware v16.3.7190-2761005-20161004084353 displays unsanitised user input, which allows an unauthenticated malicious user to embed JavaScript into the Log viewer interface via a crafted HTTP Referer header, aka XSS. Technicolor MediaAccess TG789vac v2 HP devices contain a cross-site scripting vulnerability. Information may be obtained and information may be altered. Technicolor MediaAccess TG789vac v2 HP is a gateway device of the French Technicolor group. A cross-site scripting vulnerability exists in the admin web interface of the Technicolor MediaAccess TG789vac v2 HP device using firmware version 16.3.7190-2761005-20161004084353. A remote attacker can exploit this vulnerability to inject JavaScript code into the Log viewer interface with a specially crafted HTTP Referer header.
VAR-201901-0698 CVE-2018-17172 Command injection vulnerability in multiple Xerox AltaLink products
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
The web application on Xerox AltaLink B80xx before 100.008.028.05200, C8030/C8035 before 100.001.028.05200, C8045/C8055 before 100.002.028.05200, and C8070 before 100.003.028.05200 allows unauthenticated command injection. Multiple Xerox AltaLink products contain a command injection vulnerability. Information may be obtained or altered, and a denial-of-service (DoS) condition may result. Fuji Xerox AltaLink B80xx and the others are all multi-function printer devices from Fuji Xerox. No further details of the vulnerability are currently provided.
VAR-201901-1311 CVE-2018-20512 Vulnerabilities related to authorization, permissions, and access control in EPON CPE-WiFi devices
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
EPON CPE-WiFi devices 2.0.4-X000 are vulnerable to escalation of privileges by sending cooLogin=1, cooUser=admin, and timestamp=-1 cookies. EPON CPE-WiFi devices have vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and a denial-of-service (DoS) condition may result. EPON CPE-WiFi is a wireless router.
VAR-201902-0872 CVE-2019-8906 Out-of-bounds read vulnerability in file
CVSS V2: 3.6
CVSS V3: 4.4
Severity: MEDIUM
do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. file contains an out-of-bounds read vulnerability. Information may be obtained or altered, and a denial-of-service (DoS) condition may result. file is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Failed exploit attempts will likely result in denial-of-service conditions. file 5.35 is vulnerable; other versions may also be affected. file is a set of command-line tools used on Unix-like systems to view file information. The vulnerability stems from the fact that the memory copy function is not used correctly. There is currently no further information about this vulnerability; keep an eye on CNNVD or vendor announcements.

[slackware-security] file (SSA:2019-054-01)

New file packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
patches/packages/file-5.36-i586-1_slack14.2.txz: Upgraded. Fix out-of-bounds read and denial-of-service security issues. For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8906
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8907
(* Security fix *)

Where to find the new packages:
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/file-5.36-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/file-5.36-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/file-5.36-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/file-5.36-x86_64-1_slack14.1.txz
Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/file-5.36-i586-1_slack14.2.txz
Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/file-5.36-x86_64-1_slack14.2.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/file-5.36-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/file-5.36-x86_64-1.txz

Installation instructions:
Upgrade the package as root:
# upgradepkg file-5.36-i586-1_slack14.2.txz

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
VAR-201901-1443 CVE-2018-20100 August Connect Information Disclosure Vulnerability
CVSS V2: 5.0
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered on August Connect devices. Insecure data transfer between the August app and August Connect during configuration allows attackers to discover home Wi-Fi credentials. This data transfer uses an unencrypted access point for these credentials, and passes them in an HTTP POST, using the AugustWifiDevice class, with data encrypted with a fixed key found obfuscated in the app. August Connect devices contain an information disclosure vulnerability. Information may be obtained or altered, and a denial-of-service (DoS) condition may result. August Connect is a bridge device that supports Wi-Fi and Smart Lock connections. An attacker could use this vulnerability to obtain home Wi-Fi credentials.
VAR-201901-1432 CVE-2018-20114 OS command injection vulnerability in D-Link DIR-818LW and DIR-860L devices
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
On D-Link DIR-818LW Rev.A 2.05.B03 and DIR-860L Rev.B 2.03.B03 devices, unauthenticated remote OS command execution can occur in the soap.cgi service of the cgibin binary via an "&&" substring in the service parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-6530. D-Link DIR-818LW and DIR-860L devices contain an OS command injection vulnerability. This vulnerability is due to an incomplete fix for CVE-2018-6530. Information may be obtained or altered, and a denial-of-service (DoS) condition may result. D-Link DIR-818LW Rev.A and DIR-860L Rev.B are both D-Link wireless router products.
VAR-201901-1544 CVE-2018-20657 GNU Binutils Resource management vulnerability
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698. GNU Binutils contains a resource management vulnerability. This vulnerability is related to CVE-2018-12698. A denial-of-service (DoS) condition may result. Attackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. Archive tools. GNU libiberty is a collection of subroutines used by one of the GNU programs.

Red Hat Security Advisory
Synopsis: Low: gdb security, bug fix, and enhancement update
Advisory ID: RHSA-2019:3352-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:3352
Issue date: 2019-11-05
CVE Names: CVE-2018-20657

1. Summary: An update for gdb is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description: The GNU Debugger (GDB) allows users to debug programs written in various programming languages including C, C++, and Fortran.
Security Fix(es):
* libiberty: Memory leak in demangle_template function resulting in a denial of service (CVE-2018-20657)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

5. Package List: Red Hat Enterprise Linux AppStream (v. 8):
Source: gdb-8.2-6.el8.src.rpm
aarch64: gdb-8.2-6.el8.aarch64.rpm gdb-debuginfo-8.2-6.el8.aarch64.rpm gdb-debugsource-8.2-6.el8.aarch64.rpm gdb-gdbserver-8.2-6.el8.aarch64.rpm gdb-headless-8.2-6.el8.aarch64.rpm
noarch: gdb-doc-8.2-6.el8.noarch.rpm
ppc64le: gdb-8.2-6.el8.ppc64le.rpm gdb-debuginfo-8.2-6.el8.ppc64le.rpm gdb-debugsource-8.2-6.el8.ppc64le.rpm gdb-gdbserver-8.2-6.el8.ppc64le.rpm gdb-headless-8.2-6.el8.ppc64le.rpm
s390x: gdb-8.2-6.el8.s390x.rpm gdb-debuginfo-8.2-6.el8.s390x.rpm gdb-debugsource-8.2-6.el8.s390x.rpm gdb-gdbserver-8.2-6.el8.s390x.rpm gdb-headless-8.2-6.el8.s390x.rpm
x86_64: gdb-8.2-6.el8.x86_64.rpm gdb-debuginfo-8.2-6.el8.x86_64.rpm gdb-debugsource-8.2-6.el8.x86_64.rpm gdb-gdbserver-8.2-6.el8.x86_64.rpm gdb-headless-8.2-6.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:
https://access.redhat.com/security/cve/CVE-2018-20657
https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/

8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc.

Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
Security Fix(es):
* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283)
* SSL/TLS: CBC padding timing attack (lucky-13) (CVE-2013-0169)
* grafana: XSS vulnerability via a column style on the "Dashboard > Table Panel" screen (CVE-2018-18624)
* js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358)
* npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions (CVE-2019-16769)
* kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06) (CVE-2020-7013)
* nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload (CVE-2020-7598)
* npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser (CVE-2020-7662)
* nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
* jQuery: passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)
* grafana: stored XSS (CVE-2020-11110)
* grafana: XSS annotation popup vulnerability (CVE-2020-12052)
* grafana: XSS via column.title or cellLinkTooltip (CVE-2020-12245)
* nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures (CVE-2020-13822)
* golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)
* nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366)
* openshift/console: text injection on error page via crafted url (CVE-2020-10715)
* kibana: X-Frame-Option not set by default might lead to clickjacking (CVE-2020-10743)
* openshift: restricted SCC allows pods to craft custom network packets (CVE-2020-14336)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution: For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.
Bugs fixed (https://bugzilla.redhat.com/):
907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13)
1701972 - CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection
1767665 - CVE-2020-10715 openshift/console: text injection on error page via crafted url
1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic
1813344 - CVE-2020-7598 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload
1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method
1834550 - CVE-2020-10743 kibana: X-Frame-Option not set by default might lead to clickjacking
1845982 - CVE-2020-7662 npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser
1848089 - CVE-2020-12052 grafana: XSS annotation popup vulnerability
1848092 - CVE-2019-16769 npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions
1848643 - CVE-2020-12245 grafana: XSS via column.title or cellLinkTooltip
1848647 - CVE-2020-13822 nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures
1849044 - CVE-2020-7013 kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06)
1850004 - CVE-2020-11023 jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution
1850572 - CVE-2018-18624 grafana: XSS vulnerability via a column style on the "Dashboard > Table Panel" screen
1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash
1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function
1857977 - CVE-2020-15366 nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function
1858981 - CVE-2020-14336 openshift: restricted SCC allows pods to craft custom network packets
1861044 - CVE-2020-11110 grafana: stored XSS
1874671 - CVE-2020-14336 ose-machine-config-operator-container: openshift: restricted SCC allows pods to craft custom network packets [openshift-4]
VAR-201812-0587 CVE-2018-6335 HHVM Input validation vulnerability
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
A malformed h2 frame can cause a 'std::out_of_range' exception when parsing priority meta data. This behavior can lead to denial-of-service. This affects all supported versions of HHVM (3.25.2, 3.24.6, and 3.21.10 and below) when using the proxygen server to handle HTTP2 requests. HHVM contains an input validation vulnerability. A denial-of-service (DoS) condition may result. Facebook HHVM (also known as HipHop Virtual Machine) is a virtual machine that can significantly improve the performance of PHP loading dynamic pages. There are security vulnerabilities in Facebook HHVM 3.25.2 and earlier, 3.24.6 and earlier, and 3.21.10 and earlier. An attacker could use this vulnerability to cause a denial of service.
VAR-201812-0586 CVE-2018-6334 HHVM Input validation vulnerability
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Multipart-file uploads cause variables to be improperly registered in the global scope. In cases where variables are not declared explicitly before being used, this can lead to unexpected behavior. This affects all supported versions of HHVM prior to the patch (3.25.1, 3.24.5, and 3.21.9 and below). HHVM contains an input validation vulnerability. Information may be obtained or altered, and a denial-of-service (DoS) condition may result. Facebook HHVM (also known as HipHop Virtual Machine) is a virtual machine that can significantly improve the performance of PHP loading dynamic pages. There are security vulnerabilities in Facebook HHVM 3.25.1 and earlier, 3.24.5 and earlier, and 3.21.9 and earlier. No detailed vulnerability details are provided at this time.
VAR-201812-0071 CVE-2018-18601 Guardzilla GZ621W Device firmware buffer error vulnerability
CVSS V2: 6.8
CVSS V3: 8.1
Severity: HIGH
The TK_set_deviceModel_req_handle function in the cloud communication component in Guardzilla GZ621W devices with firmware 0.5.1.4 has a Buffer Overflow. The Guardzilla GZ621W device firmware contains a buffer error vulnerability. Information may be obtained or altered, and a denial-of-service (DoS) condition may result. The Guardzilla GZ621W is a home security surveillance camera. A remote attacker could exploit the vulnerability to execute code.
VAR-201812-0070 CVE-2018-18600 Guardzilla GZ180 Command Injection Vulnerability
CVSS V2: 9.3
CVSS V3: 8.1
Severity: HIGH
The remote upgrade feature in Guardzilla GZ180 devices allows command injection via a crafted new firmware version parameter. Guardzilla GZ180 devices contain a command injection vulnerability. Information may be obtained or altered, and a denial-of-service (DoS) condition may result. The Guardzilla GZ180 is a home security surveillance camera.
VAR-201812-1159 CVE-2018-20579 Contiki-NG Buffer error vulnerability
CVSS V2: 3.6
CVSS V3: 7.1
Severity: HIGH
Contiki-NG before 4.2 has a stack-based buffer overflow in the push function in os/lib/json/jsonparse.c that allows an out-of-bounds write of an '{' or '[' character. Contiki-NG contains a buffer error vulnerability. Information may be altered and a denial-of-service (DoS) condition may result. Contiki-NG is an open source cross-platform operating system for next-generation IoT devices. Attackers can use this vulnerability to cause a denial of service (application crash).
VAR-201812-0312 CVE-2018-1000631 SQL injection vulnerability in Battelle V2I Hub
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Battelle V2I Hub 3.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the tmx/TmxCtl/src/lib/PluginStatus.cpp and TmxControl::user_info() function, which could allow the attacker to view, add, modify or delete information in the back-end database. Battelle V2I Hub contains an SQL injection vulnerability. Information may be obtained or altered, and a denial-of-service (DoS) condition may result.
VAR-201812-0311 CVE-2018-1000630 SQL injection vulnerability in Battelle V2I Hub
CVSS V2: 6.5
CVSS V3: 7.2
Severity: HIGH
Battelle V2I Hub 2.5.1 is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to /api/PluginStatusActions.php and /status/pluginStatus.php using the jtSorting or id parameter, which could allow the attacker to view, add, modify or delete information in the back-end database. Battelle V2I Hub contains an SQL injection vulnerability. Information may be obtained or altered, and a denial-of-service (DoS) condition may result.
VAR-201812-0310 CVE-2018-1000629 Battelle V2I Hub Vulnerable to cross-site scripting
CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
Battelle V2I Hub 2.5.1 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by api/SystemConfigActions.php?action=add and the index.php script. A remote attacker could exploit this vulnerability using the parameterName or _login_username parameter in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. Battelle V2I Hub contains a cross-site scripting vulnerability. Information may be obtained and information may be altered.
VAR-201812-0308 CVE-2018-1000627 Battelle V2I Hub Vulnerabilities related to certificate and password management
CVSS V2: 5.0
CVSS V3: 9.8
Severity: CRITICAL
Battelle V2I Hub 2.5.1 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict access to the API key file. An attacker could exploit this vulnerability to obtain the current API key to gain unauthorized access to the system. Battelle V2I Hub contains vulnerabilities related to certificate and password management. Information may be obtained or altered, and a denial-of-service (DoS) condition may result.
VAR-201812-0305 CVE-2018-1000624 Battelle V2I Hub Access control vulnerability
CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Battelle V2I Hub 2.5.1 is vulnerable to a denial of service, caused by the failure to restrict access to a sensitive functionality. By visiting http://V2I_HUB/UI/powerdown.php, a remote attacker could exploit this vulnerability to shut down the system. Battelle V2I Hub contains an access control vulnerability. A denial-of-service (DoS) condition may result.
VAR-201812-0109 CVE-2018-14987 MXQ TV Box Android Device permission vulnerability
CVSS V2: 5.6
CVSS V3: 7.1
Severity: HIGH
The MXQ TV Box 4.4.2 Android device with a build fingerprint of MBX/m201_N/m201_N:4.4.2/KOT49H/20160106:user/test-keys contains the Android framework with a package name of android (versionCode=19, versionName=4.4.2-20170213) that dynamically registers a broadcast receiver app component named com.android.server.MasterClearReceiver instead of statically registering it in the AndroidManifest.xml file of the core Android package, as done in Android Open Source Project (AOSP) code for Android 4.4.2. The dynamic registration of the MasterClearReceiver broadcast receiver app component is not protected with the android.permission.MASTER_CLEAR permission during registration, so any app co-located on the device, even those without any permissions, can programmatically initiate a factory reset of the device. A factory reset will remove all user data and apps from the device. This will result in the loss of any data that have not been backed up or synced externally. The capability to perform a factory reset is not directly available to third-party apps (those that the user installs themselves with the exception of enabled Mobile Device Management (MDM) apps), although this capability can be obtained by leveraging an unprotected app component of the core Android process. The MXQ TV Box Android device contains a permission vulnerability. Information may be altered and a denial-of-service (DoS) condition may result. MXQ TV Box is a network set-top box based on the Android platform.