CVE-2019-15371

The Symphony G100 Android device with a build fingerprint of Symphony/G100/G100:8.1.0/O11019/1530618779:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the device to modify a system...

CVE-2019-15366

The Infinix Note 5 Android device with a build fingerprint of Infinix/H633IJL/Infinix-X604sprout:8.1.0/O11019/IJL-180531V181:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the devi...

CVE-2019-15372

The Hisense F17 Android device with a build fingerprint of Hisense/F174G/HS6739MT:8.1.0/O11019/HisenseF174G00S01:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the device to modify...

CVE-2019-15368

The Coolpad 1851 Android device with a build fingerprint of Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the device to modify...

CVE-2019-15360

The Hisense U965 Android device with a build fingerprint of Hisense/U9654G10/HS6739MT:8.1.0/O11019/HisenseU9654G10S01:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the device to...

CVE-2019-15358

The Dexp Z250 Android device with a build fingerprint of DEXP/Z250/Z250:8.1.0/O11019/1531130719:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the device to modify a system propert...

CVE-2019-15352

The Coolpad 1851 Android device with a build fingerprint of Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the device to modify...

CVE-2019-15356

The Lava Flair Z1 Android device with a build fingerprint of LAVA/Z1/Z1:8.1.0/O11019/1536680131:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the device to modify a system propert...

CVE-2019-15343

The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer versionCode=7, versionName=7.0.8. This app contains an exported service named...

CVE-2019-15347

The Tecno Camon iClick 2 Android device with a build fingerprint of TECNO/H622/TECNO-ID6:8.1.0/O11019/F-180824V116:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer versionCode=7, versionName=7.0.11. This app contains an exported service...

CVE-2019-15342

The Tecno Camon iAir 2 Plus Android device with a build fingerprint of TECNO/H622/TECNO-ID3k:8.1.0/O11019/E-180914V83:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer versionCode=7, versionName=7.0.11. This app contains an exported service...

CVE-2019-15337

The Lava Z81 Android device with a build fingerprint of LAVA/Z81/Z81:8.1.0/O11019/1532317309:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app versionCode=400, versionName=v4.0.31 that allows any app co-located on the device to programmatically...

CVE-2019-15348

The Tecno Camon Android device with a build fingerprint of TECNO/H612/TECNO-ID5a:8.1.0/O11019/F-180828V106:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer versionCode=7, versionName=7.0.11. This app contains an exported service named...

CVE-2019-15332

The Lava Z61 Android device with a build fingerprint of LAVA/Z612GB/Z612GB:8.1.0/O11019/1533889281:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app versionCode=400, versionName=v4.0.27 that allows any app co-located on the device to...

Authorization

The Panasonic Eluga Ray 530 Android device with a build fingerprint of Panasonic/ELUGARay530/ELUGARay530:8.1.0/O11019/1531828974:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the...

Authorization

The Fly Photo Pro Android device with a build fingerprint of Fly/PhotoPro/PhotoPro:8.1.0/O11019/1528117003:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the device to modify a...

Authorization

The Leagoo Power 5 Android device with a build fingerprint of LEAGOO/Power5/Power5:8.1.0/O11019/1532686195:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the device to modify a...

Authorization

The Asus ZenFone 4 Selfie Android device with a build fingerprint of asus/WWPhone/ASUSX00LD1:8.1.0/OPM1.171019.011/15.0400.1809.405-0:user/release-keys contains a pre-installed app with a package name of com.log.logservice app versionCode=1, versionName=1 that allows any app co-located on the...

Command injection

The Asus ZenFone 5Q Android device with a build fingerprint of asus/WWPhone/ASUSX017D2:7.1.1/NGI77B/14.0400.1809.059-20181016:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app versionCode=1570000020, versionName=7.0.0.4170901 that allows other...

Authorization

The Symphony i95 Lite Android device with a build fingerprint of LAVA/iris88lite/iris88lite:8.1.0/O11019/1536323070:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the device to...