CVE-2024-13915 Unrestricted Access to Exported Service in com.pri.factorytest

Android based smartphones from vendors such as Ulefone and Krüger&Matz contain "com.pri.factorytest" application preloaded onto devices during manufacturing process. The application "com.pri.factorytest" version name: 1.0, version code: 1 exposes a ”com.pri.factorytest.emmc.FactoryResetService“...

CVE-2024-13915

CVE-2024-13915 describes preloaded Android apps on Ulefone and Krüger&Matz devices where com.pri.factorytest exposes com.pri.factorytest.emmc.FactoryResetService, allowing any installed app to trigger a device factory reset. Affected behavior is explicitly stated; the entry notes that the APK ver...

PT-2025-23310 · Unknown · Com.Pri.Factorytest

Name of the Vulnerable Software and Affected Versions: com.pri.factorytest versions 1.0 Android smartphones from Ulefone and Krüger&Matz affected versions not specified Description: The issue concerns an application "com.pri.factorytest" preloaded onto Android smartphones from vendors such as...

Krüger&Matz com.pri.factorytest和Ulefone com.pri.factorytest 安全漏洞

Krüger&Matz com.pri.factorytest is a mobile application component from Krüger&Matz.Ulefone com.pri.factorytest is a cell phone component from Ulefone. A security vulnerability exists in Krüger&Matz com.pri.factorytest and Ulefone com.pri.factorytest, which stems from a pre-installed...

The vulnerability of the SSH protocol implementation in D-Link DWR-M972V router microprogramming software allows a hacker to execute arbitrary code.

The vulnerability of the SSH protocol implementation in D-Link DWR-M972V router microprogramming devices lies in the possibility of resetting settings to their factory defaults due to incorrect code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVE-2024-30939

An issue discovered in Yealink VP59 Teams Editions with firmware version 91.15.0.118 allows a physically proximate attacker to gain control of an account via a flaw in the factory reset procedure...

CVE-2024-30536

Cross-Site Request Forgery CSRF vulnerability in WPFactory Slugs Manager.This issue affects Slugs Manager: from n/a through 2.6.7...

CVE-2024-20871

Improper authorization vulnerability in Samsung Keyboard prior to version One UI 5.1.1 allows physical attackers to partially bypass the factory reset protection...

CVE-2024-40672

In onCreate of ChooserActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2024-40677

In shouldSkipForInitialSUW of AdvancedPowerUsageDetail.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

CVE-2024-49736

In onClick of MainClear.java, there is a possible way to trigger factory reset without explicit user consent due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2024-46340

TL-WR845NUNV4201214, TP-Link TL-WR845NUNV4200909, and TL-WR845NUNV4190219 was discovered to transmit user credentials in plaintext after executing a factory reset...

CVE-2024-10576

Infinix devices contain a pre-loaded "com.transsion.agingfunction" application, that exposes an unsecured broadcast receiver. An attacker can communicate with the receiver and force the device to perform a factory reset without any Android system permissions. After multiple attempts to contact th...

CVE-2023-22920

A security misconfiguration vulnerability exists in the Zyxel LTE3316-M604 firmware version V2.00ABMP.6C0 due to a factory default misconfiguration intended for testing purposes. A remote attacker could leverage this vulnerability to access an affected device using Telnet...

CVE-2023-21140

In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed...

CVE-2023-21133

In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed...

CVE-2023-21134

In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed...

CVE-2023-21275

In decideCancelProvisioningDialog of AdminIntegratedFlowPrepareActivity.java, there is a possible way to bypass factory reset protections due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not need...

CVE-2023-48407

there is a possible DCK won't be deleted after factory reset due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2023-49074

A denial of service vulnerability exists in the TDDP functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 v5.1.0 Build 20220926. A specially crafted series of network requests can lead to reset to factory settings. An attacker can send a sequence of unauthenticated...