Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2016-6564

🗓️ 13 Jul 2018 20:00:00Reported by certccType 
cve
 cve🔗 web.nvd.nist.gov👁 56 Views🌐 WEB

Android devices with Ragentek code contain a privileged binary for OTA update checks. The binary runs with root privileges and communicates with unencrypted HTTP, making it vulnerable to execution of arbitrary commands as root, application installs, and configuration updates

Related
Detection
Affected
Refs
Paths
NVD
Node
infinixauthorityhot_x507_firmwareMatch-
AND
infinixauthorityhot_x507Match-
Node
infinixauthorityhot_2_x510_firmwareMatch-
AND
infinixauthorityhot_2_x510Match-
Node
infinixauthorityzero_x506_firmwareMatch-
AND
infinixauthorityzero_x506Match-
Node
infinixauthorityzero_2_x509_firmwareMatch-
AND
infinixauthorityzero_2_x509Match-
Node
bluproductsstudio_g_firmwareMatch-
AND
bluproductsstudio_gMatch-
Node
bluproductsstudio_g_plus_firmwareMatch-
AND
bluproductsstudio_g_plusMatch-
Node
bluproductsstudio_6.0_hd_firmwareMatch-
AND
bluproductsstudio_6.0_hdMatch-
Node
bluproductsstudio_x_firmwareMatch-
AND
bluproductsstudio_xMatch-
Node
bluproductsstudio_x_plus_firmwareMatch-
AND
bluproductsstudio_x_plusMatch-
Node
bluproductsstudio_c_hd_firmwareMatch-
AND
bluproductsstudio_c_hdMatch-
Node
xolocube_5.0_firmwareMatch-
AND
xolocube_5.0Match-
Node
beelinepro_2_firmwareMatch-
AND
beelinepro_2Match-
Node
iku-mobilecolorful_k45i_firmwareMatch-
AND
iku-mobilecolorful_k45iMatch-
Node
leagoolead_5_firmwareMatch-
AND
leagoolead_5Match-
Node
leagoolead_6_firmwareMatch-
AND
leagoolead_6Match-
Node
leagoolead_3i_firmwareMatch-
AND
leagoolead_3iMatch-
Node
leagoolead_2s_firmwareMatch-
AND
leagoolead_2sMatch-
Node
leagooalfa_6_firmwareMatch-
AND
leagooalfa_6Match-
Node
doogeevoyager_2_dg310i_firmwareMatch-
AND
doogeevoyager_2_dg310iMatch-
[
  {
    "product": "Android software",
    "vendor": "Ragentek",
    "versions": [
      {
        "status": "unknown",
        "version": "N/A"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
dataquery param/pagt/agentUnencrypted OTA command channel using POST with data parameter enabling remote execution on rooted devices.CWE-264CWE-494

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
21 Nov 2024 02:56Current
8.3High risk
Vulners AI Score8.3
CVSS 38.1
CVSS 29.3
EPSS0.00341
CWE-264CWE-494
androidragentekotaupdate checksroot privilegesunencrypted communicationhttpvulnerabilityarbitrary commandsroot accessapplication installsconfiguration updatessecuritycve-2016-6564
56