VARIoT IoT vulnerabilities database

The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands to be executed as the system user. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. In addition to the local attack surface, its accompanying app with a package name of com.ekesoo.lovelyhifonts makes network requests using HTTP and an attacker can perform a Man-in-the-Middle (MITM) attack on the connection to inject a command in a network response that will be executed as the system user by the com.lovelyfont.defcontainer app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtains the user's text messages, and more. Executing commands as the system user can allow a third-party app to factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtains the user's text messages, and more. Tecno Camon iClick Android Devices are vulnerable to improper assignment of permissions to critical resources.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Tecno Camon iClick is a smartphone from China Transsion. Tecno Camon iClick has an unknown vulnerability. And text messages

The Samsung J7 Neo Android device with a build fingerprint of samsung/j7veltedx/j7velte:8.1.0/M1AJQ/J701FXXS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. Samsung J7 Neo Android Devices are vulnerable to improper assignment of permissions to critical resources.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Samsung J7 Neo is a smartphone from Samsung in South Korea. There is an access control error vulnerability in com.samsung.android.themecenter app in Samsung J7 Neo (build fingerprint: samsung / j7veltedx / j7velte: 8.1.0 / M1AJQ / J701FXVS6BSC1: user / release-keys). The vulnerability stems from a network system or product that did not properly restrict access to resources from unauthorized roles. No detailed vulnerability details are provided at this time

The Asus ZenFone 5Q Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_2:7.1.1/NGI77B/14.0400.1809.059-20181016:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. Asus ZenFone 5Q Android Devices are vulnerable to improper assignment of permissions to critical resources.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ASUS ZenFone 5Q is a smartphone from ASUS, Taiwan. ASUS ZenFone 5Q has an access control error vulnerability. The vulnerability stems from a network system or product that did not properly restrict access to resources from unauthorized roles. An attacker could use this vulnerability to execute commands through an accessible application component

The Tecno Camon iClick 2 Android device with a build fingerprint of TECNO/H622/TECNO-ID6:8.1.0/O11019/F-180824V116:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.service.FunctionService that allows any app co-located on the device to supply the file path to a Dalvik Executable (DEX) file which it will dynamically load within its own process and execute in with its own system privileges. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtains the user's text messages, and more. Executing code as the system user can allow a third-party app to factory reset the device, obtain the user's Wi-Fi passwords, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtains the user's text messages, and more. Tecno Camon iClick 2 Android Devices are vulnerable to improper assignment of permissions to critical resources.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Transsion Tecno Camon iClick 2 is a smartphone from China Transsion. Tecno Camon iClick 2 has an unknown vulnerability. And text messages

The BQ 5515L Android device with a build fingerprint of BQru/BQru-5515L/BQru-5515L:8.1.0/O11019/20180409.195525:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. BQ 5515L Android The device is vulnerable to a lack of authentication.Information may be altered. BQ 5515L is a smart phone. BQ 5515L has an access control error vulnerability. An attacker could use this vulnerability to modify system properties

The Coolpad 1851 Android device with a build fingerprint of Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.1.13). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands to be executed as the system user. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. In addition to the local attack surface, its accompanying app with a package name of com.ekesoo.lovelyhifonts makes network requests using HTTP and an attacker can perform a Man-in-the-Middle (MITM) attack on the connection to inject a command in a network response that will be executed as the system user by the com.lovelyfont.defcontainer app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtains the user's text messages, and more. Executing commands as the system user can allow a third-party app to factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtains the user's text messages, and more. Coolpad 1851 Android The device contains an injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Yulong Computer Communication Technology Coolpad 1851 is a smart phone of China Yulong Computer Communication Technology Company. Yulong Computer Communication Technology Coolpad 1851 has an injection vulnerability. An attacker could use this vulnerability to execute commands through an accessible application component

The Xiaomi Redmi Note 6 Pro Android device with a build fingerprint of xiaomi/tulip/tulip:8.1.0/OPM1.171019.011/V10.2.2.0.OEKMIXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=27, versionName=8.1.0) that allows other pre-installed apps to perform microphone audio recording via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that export their capabilities to other pre-installed app. This app allows a third-party app to use its open interface to record telephone calls to external storage. Xiaomi Redmi Note 6 Pro Android Devices are vulnerable to improper assignment of permissions to critical resources.Information may be obtained. Xiaomi Redmi Note 6 Pro is a smartphone from China Xiaomi Technology. Access control for com.qualcomm.qti.callenhancement app in Xiaomi Redmi Note 6 Pro (build fingerprint:xiaomi/tulip/tulip:8.1.0/OPM1.171019.011/V10.2.2.0.OEKMIXM:user/release-keys) Error vulnerability. An attacker could use the vulnerability to make unauthorized microphone recordings with third-party software

The Lava Z60s Android device with a build fingerprint of LAVA/Z60s/Z60s:8.1.0/O11019/1530331229:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. Lava Z60s Android Devices are vulnerable to improper assignment of permissions to critical resources.Information may be tampered with. Lava Z60s is a smartphone. Lava Z60s has an access control error vulnerability. The vulnerability stems from a network system or product that did not properly restrict access to resources from unauthorized roles. An attacker could use this vulnerability to modify system properties

The Samsung J7 Pro Android device with a build fingerprint of samsung/j7y17lteubm/j7y17lte:8.1.0/M1AJQ/J730GMUBS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. Samsung J7 Pro Android Devices are vulnerable to improper assignment of permissions to critical resources.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Samsung J7 Pro is a smartphone from Samsung in South Korea. Samsung J7 Pro has an access control error vulnerability. The vulnerability stems from a network system or product that did not properly restrict access to resources from unauthorized roles. An attacker could use this vulnerability to perform application installation through an accessible application component

The Samsung S7 Edge Android device with a build fingerprint of samsung/hero2ltexx/hero2lte:8.0.0/R16NW/G935FXXS4ESC3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. Samsung S7 Edge Android Devices are vulnerable to improper assignment of permissions to critical resources.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Samsung S7 Edge is a smartphone from Samsung in South Korea. The Samsung S7 Edge has an access control error vulnerability. The vulnerability stems from a network system or product that did not properly restrict access to resources from unauthorized roles. An attacker could use this vulnerability to perform application installation through an accessible application component

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. User accounts created through the web interface of the device, when given non-admin level privileges, have the same level of privileged access as administrators when connecting to the device via SSH (while their permissions via the web interface are in fact restricted). This allows normal users to obtain the administrative password by running the tech-support command via the CLI: this contains the encrypted passwords for all users on the device. As these passwords are encrypted using well-known and static parameters, they can be decrypted and the original passwords (including the administrator password) can be obtained. Zyxel GS1900 There is a privilege management vulnerability in the device firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The ZyXEL GS1900 is a managed switch from ZyXEL, Taiwan. A security hole exists in the Zyxel GS1900 using firmware 2.50 (AAHH.0) prior to C0. An attacker could exploit the vulnerability to obtain an administrative password

The Samsung A3 Android device with a build fingerprint of samsung/a3y17ltedx/a3y17lte:8.0.0/R16NW/A320YDXU4CSB3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. Samsung A3 Android Devices are vulnerable to improper assignment of permissions to critical resources.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Samsung A3 is a smartphone from Samsung in South Korea. There is a security hole in the com.samsung.android.themecenter app in Samsung A3 (build fingerprint: samsung / a3y17ltedx / a3y17lte: 8.0.0 / R16NW / A320YDXU4CSB3: user / release-keys). An attacker could use this vulnerability to install software using other pre-installed software

The Tecno Camon iAir 2 Plus Android device with a build fingerprint of TECNO/H622/TECNO-ID3k:8.1.0/O11019/E-180914V83:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands via shell script to be executed as the system user that are triggered by writing an attacker-selected message to the logcat log. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtains the user's text messages, and more. Executing commands as the system user can allow a third-party app to factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtains the user's text messages, and more. Tecno Camon iAir 2 Plus Android Devices are vulnerable to improper assignment of permissions to critical resources.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Tecno Tecno Camon iAir 2 Plus is a smartphone of China Transit Corporation. There is a security vulnerability in com.lovelyfont.defcontainer in Tecno Camon iAir 2 Plus (build fingerprint: TECNO/H622/TECNO-ID3k: 8.1.0/O11019/E-180914V83: user/release-keys)

In all versions of ABB Power Generation Information Manager (PGIM) and Plant Connect, the affected product is vulnerable to authentication bypass, which may allow an attacker to remotely bypass authentication and extract credentials from the affected device. ABB Plant Connect is a plant monitoring and management system

The Elephone A4 Android device with a build fingerprint of Elephone/A4/A4:8.1.0/O11019/20180530.143559:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. Elephone A4 Android The device is vulnerable to a lack of authentication.Information may be tampered with. Elephone A4 is a smartphone from China ELEPHONE Communication Technology. Elephone A4 has an access control error vulnerability. The vulnerability originates from a network system or product that incorrectly restricts access to resources from unauthorized roles. An attacker could use this vulnerability to modify system attributes without authorization

The Asus ASUS_X00K_1 Android device with a build fingerprint of asus/CN_X00K/ASUS_X00K_1:7.0/NRD90M/CN_X00K-14.01.1711.27-20180420:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app (versionCode=5, versionName=5.0.1) that allows unauthorized command execution via a confused deputy attack. This capability can be accessed by any app co-located on the device. Asus ASUS_X00K_1 Android The device is vulnerable to an externally controllable reference to another realm resource.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ASUS ASUS_X00K_1 is a smartphone from ASUS, Taiwan. The com.lovelyfont.defcontainer app in Asus ASUS_X00K_1 (build fingerprint: asus / CN_X00K / ASUS_X00K_1: 7.0 / NRD90M / CN_X00K-14.01.1711.27-20180420: user / release-keys) has a security vulnerability. An attacker could use this vulnerability to execute unauthorized commands with other applications on the device

The Lava Iris 88 Lite Android device with a build fingerprint of LAVA/iris88_lite/iris88_lite:8.1.0/O11019/1536323070:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. Lava Iris 88 Lite Android Devices are vulnerable to improper assignment of permissions to critical resources.Information may be tampered with. Lava Iris 88 Lite is a smartphone from Lava, India. Lava Iris 88 Lite has an unknown vulnerability. An attacker could use this vulnerability to unauthorizedly switch Wi-Fi on

The Lava Flair Z1 Android device with a build fingerprint of LAVA/Z1/Z1:8.1.0/O11019/1536680131:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. Lava Flair Z1 Android Devices are vulnerable to improper assignment of permissions to critical resources.Information may be tampered with. Lava Flair Z1 is a smartphone from Lava company in India. Lava Flair Z1 has an unknown vulnerability. An attacker could use this vulnerability to unauthorizedly switch Wi-Fi on

The Coolpad 1851 Android device with a build fingerprint of Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. Coolpad 1851 Android The device is vulnerable to a lack of authentication.Information may be tampered with. Yulong Computer Communication Technology Coolpad 1851 is a smart phone of China Yulong Computer Communication Technology Company. Yulong Computer Communication Technology Coolpad 1851 has an unknown vulnerability. An attacker could use this vulnerability to modify system properties

The Lava Iris 88 Lite Android device with a build fingerprint of LAVA/iris88_lite/iris88_lite:8.1.0/O11019/1536323070:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. Lava Iris 88 Lite Android The device is vulnerable to a lack of authentication.Information may be tampered with. An attacker could use this vulnerability to modify system properties