VARIoT IoT vulnerabilities database

The Samsung XCover4 Android device with a build fingerprint of samsung/xcover4ltexx/xcover4lte:8.1.0/M1AJQ/G390FXXU3BSA2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. Samsung XCover4 Android Devices are vulnerable to improper assignment of permissions to critical resources.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Samsung XCover4 is a smartphone from Samsung in South Korea. Samsung XCover4 has an access control error vulnerability. The vulnerability stems from a network system or product that did not properly restrict access to resources from unauthorized roles. An attacker could use this vulnerability to perform application installation through an accessible application component

The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands via shell script to be executed as the system user that are triggered by writing an attacker-selected message to the logcat log. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtains the user's text messages, and more. Executing commands as the system user can allow a third-party app to factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtains the user's text messages, and more. Tecno Camon iClick Android Devices are vulnerable to improper assignment of permissions to critical resources.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Tecno Camon iClick is a smartphone from China Transsion. Tecno Camon iClick has an unknown vulnerability. And text messages

The Asus ASUS_A002_2 Android device with a build fingerprint of asus/WW_ASUS_A002_2/ASUS_A002_2:7.0/NRD90M/14.1610.1802.18-20180321:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. Asus ASUS_A002_2 Android Devices are vulnerable to improper assignment of permissions to critical resources.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ASUS ASUS_A002_2 is a smart phone from Taiwan ASUS. ASUS ASUS_A002_2 An access control error vulnerability exists. The vulnerability stems from a network system or product that did not properly restrict access to resources from unauthorized roles. An attacker could use this vulnerability to execute commands through an accessible application component

The Samsung J5 Android device with a build fingerprint of samsung/j5y17ltexx/j5y17lte:8.1.0/M1AJQ/J530FXXU3BRL1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. Samsung J5 Android Devices are vulnerable to improper assignment of permissions to critical resources.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Samsung J5 is a smartphone from Samsung in South Korea. Samsung J5 has an access control error vulnerability. The vulnerability stems from a network system or product that did not properly restrict access to resources from unauthorized roles. An attacker could use this vulnerability to perform application installation through an accessible application component

The Asus ZenFone 4 Selfie Android device with a build fingerprint of asus/WW_Z01M/ASUS_Z01M_1:7.1.1/NMF26F/WW_71.50.395.57_20180913:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. Asus ZenFone 4 Selfie Android Devices are vulnerable to improper assignment of permissions to critical resources.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ASUS ZenFone 4 Selfie is a smartphone from ASUS, Taiwan. ASUS ZenFone 4 Selfie has an access control error vulnerability. The vulnerability stems from a network system or product that did not properly restrict access to resources from unauthorized roles. An attacker could use this vulnerability to execute commands through an accessible application component

The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaomi/daisy/daisy_sprout:9/PKQ1.180917.001/V10.0.3.0.PDLMIXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=28, versionName=9) that allows unauthorized microphone audio recording via a confused deputy attack. This capability can be accessed by any app co-located on the device. This app allows a third-party app to use its open interface to record telephone calls to external storage. Xiaomi Mi A2 Lite Android The device is vulnerable to an externally controllable reference to another realm resource.Information may be obtained. Xiaomi Mi A2 Lite is a smartphone from China Xiaomi Technology. The com.qualcomm.qti.callenhancement app in Xiaomi Mi A2 Lite (build fingerprint:xiaomi/daisy/daisy_sprout:9/PKQ1.180917.001/V10.0.3.0.PDLMIXM:user/release-keys) has a security vulnerability. An attacker can exploit this vulnerability for unauthorized microphone recording

The Samsung S7 Android device with a build fingerprint of samsung/heroltexx/herolte:8.0.0/R16NW/G930FXXS4ESC3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. Samsung S7 Android Devices are vulnerable to improper assignment of permissions to critical resources.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Samsung J3 is a smartphone from Samsung in South Korea. There is an access control error vulnerability in com.samsung.android.themecenter app in Samsung J3 (build fingerprint: samsung / j3y17ltedx / j3y17lte: 8.0.0 / R16NW / J330GDXS3BSC1: user / release-keys). The vulnerability stems from a network system or product that did not properly restrict access to resources from unauthorized roles. No detailed vulnerability details are currently provided

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Through an undocumented sequence of keypresses, undocumented functionality is triggered. A diagnostics shell is triggered via CTRL-ALT-t, which prompts for the password returned by fds_sys_passDebugPasswd_ret(). The firmware contains access control checks that determine if remote users are allowed to access this functionality. The function that performs this check (fds_sys_remoteDebugEnable_ret in libfds.so) always return TRUE with no actual checks performed. The diagnostics menu allows for reading/writing arbitrary registers and various other configuration parameters which are believed to be related to the network interface chips. Zyxel GS1900 There is an input validation vulnerability in the device firmware.Information may be obtained and information may be altered. The ZyXEL GS1900 is a managed switch from ZyXEL, Taiwan. A security hole exists in the Zyxel GS1900 using firmware 2.50 (AAHH.0) prior to C0. An attacker could exploit this vulnerability to access restricted features

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. By sending a signal to the CLI process, undocumented functionality is triggered. Specifically, a menu can be triggered by sending the SIGQUIT signal to the CLI application (e.g., through CTRL+\ via SSH). The access control check for this menu does work and prohibits accessing the menu, which contains "Password recovery for specific user" options. The menu is believed to be accessible using a serial console. Zyxel GS1900 An input validation vulnerability exists in the device firmware.Information may be altered. ZyXEL GS1900 is a managed switch of ZyXEL Corporation in Taiwan. There is a security vulnerability in Zyxel GS1900 using firmware versions prior to 2.50 (AAHH.0) C0

The Dexp BL250 Android device with a build fingerprint of DEXP/BL250/BL250:8.1.0/O11019/1530858027:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. Dexp BL250 Android The device is vulnerable to a lack of authentication.Information may be tampered with. Dexp BL250 is a smartphone. Dexp BL250 has an unknown vulnerability. An attacker could use this vulnerability to modify system properties

The Asus ZenFone Live Android device with a build fingerprint of asus/WW_Phone/ASUS_X00LD_3:7.1.1/NMF26F/14.0400.1806.203-20180720:user/release-keys contains a pre-installed app with a package name of com.asus.atd.smmitest app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. Asus ZenFone Live Android device Contains a vulnerability in externally controllable references to other realm resources.Information may be tampered with. ASUS ZenFone Live is a smart phone from ASUS, Taiwan, China. The vulnerability stems from the network system or product improperly restricting access to resources from unauthorized roles. No detailed vulnerability details are currently provided

The Tecno Camon Android device with a build fingerprint of TECNO/H622/TECNO-ID5b:8.1.0/O11019/G-180829V31:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.service.FunctionService that allows any app co-located on the device to supply the file path to a Dalvik Executable (DEX) file which it will dynamically load within its own process and execute in with its own system privileges. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtains the user's text messages, and more. Executing code as the system user can allow a third-party app to factory reset the device, obtain the user's Wi-Fi passwords, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtains the user's text messages, and more. Tecno Camon Android Devices are vulnerable to improper assignment of permissions to critical resources.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Tecno Camon is a Camon series smartphone from China Transsion Corporation. Tecno Camon has an unknown vulnerability

The Infinix Note 5 Android device with a build fingerprint of Infinix/H633B/Infinix-X604_sprout:8.1.0/O11019/L-IN-180206V64:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. Infinix Note 5 Android The device is vulnerable to a lack of authentication.Information may be tampered with. Infinix Note 5 is a smartphone from China Infinix. Infinix Note 5 has an access control error vulnerability. The vulnerability stems from a network system or product that did not properly restrict access to resources from unauthorized roles. An attacker could use this vulnerability to modify system properties

The Samsung J7 Neo Android device with a build fingerprint of samsung/j7veltedx/j7velte:8.1.0/M1AJQ/J701FXVS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. Samsung J7 Neo Android Devices are vulnerable to improper assignment of permissions to critical resources.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Samsung J7 Neo is a smartphone from Samsung in South Korea. Samsung J7 Neo has an access control error vulnerability. The vulnerability stems from a network system or product that did not properly restrict access to resources from unauthorized roles. An attacker could use this vulnerability to perform application installation through an accessible application component

The Blackview BV9000Pro-F Android device with a build fingerprint of Blackview/BV9000Pro-F/BV9000Pro-F:7.1.1/N4F26M/1514363110:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. Blackview BV9000Pro-F Android The device is vulnerable to an externally controllable reference to another realm resource.Information may be tampered with. Blackview BV9000Pro-F is a smart phone from Blackview, Hong Kong, China. The com.mediatek.factorymode app in Blackview BV9000Pro-F (build fingerprint: Blackview / BV9000Pro-F / BV9000Pro-F: 7.1.1 / N4F26M / 1514363110: user / release-keys) has a security vulnerability. This vulnerability could be used by an attacker to unauthorizedly modify wireless settings by other applications on the device

The Tecno Camon Android device with a build fingerprint of TECNO/H612/TECNO-ID5a:8.1.0/O11019/F-180828V106:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands via shell script to be executed as the system user that are triggered by writing an attacker-selected message to the logcat log. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtains the user's text messages, and more. Executing commands as the system user can allow a third-party app to factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, and obtains the user's text messages, and more. Tecno Camon Android Devices are vulnerable to improper assignment of permissions to critical resources.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Tecno Camon is a Camon series smartphone from China Transsion. Tecno Camon has an unknown vulnerability. And text messages

The Symphony i95 Lite Android device with a build fingerprint of LAVA/iris88_lite/iris88_lite:8.1.0/O11019/1536323070:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. Symphony i95 Lite Android The device is vulnerable to a lack of authentication.Information may be tampered with. Symphony i95 Lite is a smartphone. An attacker could use this vulnerability to modify system properties

The Haier A6 Android device with a build fingerprint of Haier/A6/A6:8.1.0/O11019/1534219877:userdebug/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. Haier A6 Android The device is vulnerable to a lack of authentication.Information may be tampered with. Haier A6 is a smartphone from Haier of China. Haier A6 has an unknown vulnerability. An attacker could use this vulnerability to modify system properties

The Hisense F17 Android device with a build fingerprint of Hisense/F17_4G/HS6739MT:8.1.0/O11019/Hisense_F17_4G_00_S01:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. Hisense F17 Android The device is vulnerable to a lack of authentication.Information may be tampered with. Hisense F17 is a smart phone from Hisense, China. Hisense F17 has an access control error vulnerability. An attacker could use this vulnerability to modify system properties

The Blackview BV7000_Pro Android device with a build fingerprint of Blackview/BV7000_Pro/BV7000_Pro:7.0/NRD90M/1493011204:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. Blackview BV7000_Pro Android The device is vulnerable to an externally controllable reference to another realm resource.Information may be tampered with. Blackview BV7000_Pro is a smart phone from Blackview, Hong Kong, China. The com.mediatek.factorymode app in Blackview BV7000_Pro (build fingerprint: Blackview / BV7000_Pro / BV7000_Pro: 7.0 / NRD90M / 1493011204: user / release-keys) has a security vulnerability. This vulnerability could be used by an attacker to unauthorizedly modify wireless settings by other applications on the device