CVE-2019-15356

The Lava Flair Z1 Android device with a build fingerprint of LAVA/Z1/Z1:8.1.0/O11019/1536680131:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the device to modify a system propert...

CVE-2019-15356

The CVE-2019-15356 entry describes a local vulnerability on the Lava Flair Z1 Android device (build LAVA/Z1/Z1:8.1.0). A pre-installed app (package com.mediatek.wfo.impl, versionCode 27, versionName 8.1.0) exposes an interface that lets co-located apps modify a system property without proper auth...

CVE-2019-15354

The CVE-2019-15354 entry concerns the Ulefone Armor 5 Android device. A pre-installed app (package com.mediatek.wfo.impl, v8.1.0) exposes an interface that allows any co-located app to modify a system property without proper authorization. This constitutes a local-impact, integrity-related vulner...

CVE-2019-15354

The Ulefone Armor 5 Android device with a build fingerprint of Ulefone/UlefoneArmor5/UlefoneArmor5:8.1.0/O11019/1528806701:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the device...

CVE-2019-15353

The CVE-2019-15353 entry applies to the Coolpad N3C Android device (build fingerprint Coolpad/N3C/N3C:8.1.0/O11019/1538236809:user/release-keys). A pre-installed app with package name com.mediatek.wfo.impl (versionCode=27, versionName=8.1.0) exposes an interface that allows any co-located app to ...

CVE-2019-15352

The Coolpad 1851 Android device with a build fingerprint of Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the device to modify...

CVE-2019-15348

The Tecno Camon Android device with a build fingerprint of TECNO/H612/TECNO-ID5a:8.1.0/O11019/F-180828V106:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer versionCode=7, versionName=7.0.11. This app contains an exported service named...

CVE-2019-15345

The CVE-2019-15345 issue affects the Tecno Camon iClick. A pre-installed platform app com.lovelyfont.defcontainer (versionCode 7, versionName 7.0.8) exposes an exported service com.lovelyfont.manager.service.FunctionService that lets any co-located app supply a path to a Dex file, which it will d...

CVE-2019-15342

The CVE-2019-15342 vulnerability affects Tecno Camon iAir 2 Plus (TECNO/H622/TECNO-ID3k:8.1.0/O11019/E-180914V83:user/release-keys). A pre-installed platform app com.lovelyfont.defcontainer exposes FontCoverService, allowing any co-located app to submit arbitrary shell commands to be executed as ...

CVE-2019-15341

The Tecno Camon iAir 2 Plus Android device with a build fingerprint of TECNO/H622/TECNO-ID3k:8.1.0/O11019/E-180914V83:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer versionCode=7, versionName=7.0.11. This app contains an exported service...

CVE-2019-15339

The Lava Z60s Android device with a build fingerprint of LAVA/Z60s/Z60s:8.1.0/O11019/1530331229:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app versionCode=400, versionName=v4.0.27 that allows any app co-located on the device to programmaticall...

CVE-2019-15339

The CVE-2019-15339 entry applies to the Lava Z60s Android device, where a pre-installed app (package: com.android.lava.powersave, versionCode=400, versionName=v4.0.27) exposes an interface that lets any co-located app programmatically disable and enable Wi‑Fi without the required access permissio...

CVE-2019-15338

The Lava Iris 88 Lite Android device with a build fingerprint of LAVA/iris88lite/iris88lite:8.1.0/O11019/1536323070:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app versionCode=400, versionName=v4.0.27 that allows any app co-located on the devic...

CVE-2019-15337

The Lava Z81 Android device with a build fingerprint of LAVA/Z81/Z81:8.1.0/O11019/1532317309:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app versionCode=400, versionName=v4.0.31 that allows any app co-located on the device to programmatically...

CVE-2019-15337

The CVE-2019-15337 entry affects Lava Z81 devices running Android, due to a pre-installed app with package name com.android.lava.powersave (versionCode 400, versionName v4.0.31) that exposes an interface allowing any co-located app to programmatically disable and enable Wi‑Fi without the necessar...

CVE-2019-15333

The Lava Flair Z1 Android device with a build fingerprint of LAVA/Z1/Z1:8.1.0/O11019/1536680131:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app versionCode=400, versionName=v4.0.27 that allows any app co-located on the device to programmaticall...

CVE-2019-15333

The CVE-2019-15333 issue affects Lava Flair Z1 (build LAVA/Z1/Z1:8.1.0/O11019/1536680131:user/release-keys). A pre-installed app (com.android.lava.powersave, versionCode 400, versionName v4.0.27) exposes an exported interface that allows any co-located app to programmatically disable and enable W...

CVE-2019-15744

The Sony Xperia Xperia XZs Android device with a build fingerprint of Sony/keyakisoftbank/keyakisoftbank:7.1.1/TONE3-3.0.0-SOFTBANK-170517-0323/1:user/dev-keys contains a pre-installed app with a package name of jp.softbank.mb.tdrl app versionCode=1413005, versionName=1.3.0 that allows unauthoriz...

PhoneSploit v1.2 - Using Open Adb Ports We Can Exploit A Andriod Device

Using open Adb ports we can exploit an Andriod device. you can find open ports here https://www.shodan.io/search?query=android+debug+bridge+product%3A”Android+Debug+Bridge” To find out how to access a local device -- https://www.youtube.com/watch?v=OlhCAX1qBQo Recent News New Update v.1.2 Port...

CVE-2019-5625 Eaton Halo Home Android App Insecure Storage

The Android mobile application Halo Home before 1.11.0 stores OAuth authentication and refresh access tokens in a clear text file. This file persists until the user logs out of the application and reboots the device. This vulnerability can allow an attacker to impersonate the legitimate user by...