CVE-2018-14992

🗓️ 28 Dec 2018 21:00:00Reported by mitreType

cve🔗 web.nvd.nist.gov👁 42 Views🌐 WEB

ASUS ZenFone 3 Max Android device with pre-installed platform app com.asus.dm has an exposed service allowing arbitrary app installation

Reporter	Title	Published	Views	Family All 5
CNVD	ASUS ZenFone 3 Max has an unspecified vulnerability	2 Jan 201900:00	–	cnvd
Cvelist	CVE-2018-14992	28 Dec 201821:00	–	cvelist
EUVD	EUVD-2018-6874	7 Oct 202500:30	–	euvd
NVD	CVE-2018-14992	28 Dec 201821:29	–	nvd
Prion	Code injection	28 Dec 201821:29	–	prion

NVD

Node

AND

Source	Link
kryptowire	www.kryptowire.com/portal/wp-content/uploads/2018/12/DEFCON-26-Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdf
kryptowire	www.kryptowire.com/portal/android-firmware-defcon-2018/

Parameter	Position	Path	Description
download URL	path	com.asus.dm.installer.DMInstallerService	Exported unprotected Android service that can be triggered by any app on the device to download and install arbitrary apps, enabling programmatic installation and uninstallation via intent data.
package name	path	com.asus.dm.installer.DMInstallerService	Exported unprotected Android service that can be triggered by any app on the device to download and install arbitrary apps, enabling programmatic installation and uninstallation via intent data.
version name	path	com.asus.dm.installer.DMInstallerService	Exported unprotected Android service that can be triggered by any app on the device to download and install arbitrary apps, enabling programmatic installation and uninstallation via intent data.
MD5 hash	path	com.asus.dm.installer.DMInstallerService	Exported unprotected Android service that can be triggered by any app on the device to download and install arbitrary apps, enabling programmatic installation and uninstallation via intent data.

17 Jun 2026 01:42Current

5.4Medium risk

Vulners AI Score5.4

CVSS 22.1

CVSS 35.5

EPSS0.00365