489 matches found
Command injection
The Asus ZenFone 3 Android device with a build fingerprint of asus/WWPhone/ASUSZ012D:7.0/NRD90M/14.2020.1708.56-20170719:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app versionCode=1570000015, versionName=7.0.0.3161222 that allows other...
Authorization
The Asus ZenFone 4 Selfie Android device with a build fingerprint of Android/sdm66064/sdm66064:8.1.0/OPM1/14.2016.1802.247-20180419:user/release-keys contains a pre-installed app with a package name of com.log.logservice app versionCode=1, versionName=1 that allows any app co-located on the devic...
Design/Logic Flaw
The Xiaomi Redmi 5 Android device with a build fingerprint of xiaomi/vince/vince:7.1.2/N2G47H/V9.5.4.0.NEGMIFA:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app versionCode=1, versionName=QL1711201803291645 that allows unauthorized wireless settings...
Design/Logic Flaw
The Archos Core 101 Android device with a build fingerprint of archos/MTKAC101CR3GARCHOS/ac101cr3g:7.0/NRD90M/20180611.034442:user/release-keys contains a pre-installed app with a package name of com.roco.autogen app versionCode=1, versionName=1 that allows any app co-located on the device to...
Code injection
The Samsung J7 Neo Android device with a build fingerprint of samsung/j7veltedx/j7velte:8.1.0/M1AJQ/J701FXVS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app versionCode=7000100, versionName=7.0.1.0 that allows other pre-installed apps...
Authorization
The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the device to modify ...
Command injection
The Asus ZenFone 3 Ultra Android device with a build fingerprint of asus/WWPhone/ASUSA001:7.0/NRD90M/14.1010.1804.75-20180612:user/release-keys contains a pre-installed app with a package name of com.asus.splendidcommandagent app versionCode=1510200105, versionName=1.2.0.21180605 that allows othe...
Code injection
The Samsung J7 Pro Android device with a build fingerprint of samsung/j7y17lteubm/j7y17lte:8.1.0/M1AJQ/J730GMUBS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app versionCode=7000100, versionName=7.0.1.0 that allows other pre-installed...
Command injection
The Asus ASUSX00LD3 Android device with a build fingerprint of asus/WWPhone/ASUSX00LD3:7.1.1/NMF26F/14.0400.1806.203-20180720:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app versionCode=1570000020, versionName=7.0.0.4170901 that allows other...
Design/Logic Flaw
The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaomi/daisy/daisysprout:9/PKQ1.180917.001/V10.0.3.0.PDLMIXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app versionCode=28, versionName=9 that allows unauthorized microphon...
Code injection
The Samsung J7 Neo Android device with a build fingerprint of samsung/j7velteub/j7velte:8.1.0/M1AJQ/J701MUBS6BSB3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app versionCode=7000100, versionName=7.0.1.0 that allows other pre-installed apps...
Code injection
The Samsung XCover4 Android device with a build fingerprint of samsung/xcover4ltedo/xcover4lte:8.1.0/M1AJQ/G390YDXU2BSA1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app versionCode=7000100, versionName=7.0.1.0 that allows other pre-install...
Command injection
The Asus ZenFone Max 4 Android device with a build fingerprint of asus/WWPhone/ASUSX00HD4:7.1.1/NMF26F/14.2016.1712.367-20171225:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app versionCode=1570000020, versionName=7.0.0.4170901 that allows other...
Code injection
The Samsung J7 Pro Android device with a build fingerprint of samsung/j7y17lteub/j7y17lte:8.1.0/M1AJQ/J730GUBS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app versionCode=7000100, versionName=7.0.1.0 that allows other pre-installed ap...
Command injection
The Asus ASUSA002 Android device with a build fingerprint of asus/WWASUSA002/ASUSA002:7.0/NRD90M/14.1600.1805.51-20180626:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app versionCode=1570000020, versionName=7.0.0.4170901 that allows other...
Input validation
The Haier A6 Android device with a build fingerprint of Haier/A6/A6:8.1.0/O11019/1534219877:userdebug/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer versionCode=7, versionName=7.1.13. This app contains an exported service named...
CVE-2019-15475
The Xiaomi Mi A3 Android device with a build fingerprint of xiaomi/onceea/onc:9/PKQ1.181021.001/V10.2.8.0.PFLEUXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app versionCode=28, versionName=9 that allows unauthorized microphone audio...
CVE-2019-15474
The Xiaomi Cepheus Android device with a build fingerprint of Xiaomi/cepheus/cepheus:9/PKQ1.181121.001/V10.2.6.0.PFAMIXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app versionCode=28, versionName=9 that allows unauthorized microphone aud...
CVE-2019-15473
The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaomi/jasmine/jasminesprout:9/PKQ1.180904.001/V10.0.2.0.PDIMIFJ:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app versionCode=28, versionName=9 that allows unauthorized...
CVE-2019-15473
The CVE-2019-15473 entry concerns the Xiaomi Mi A2 Lite (build jasmine_sprout:9; PKQ1.180904.001/V10.0.2.0.PDIMIFJ) which ships a pre-installed com.qualcomm.qti.callenhancement app. The issue allows unauthorized microphone audio recording via a confused deputy attack that can be triggered by any ...