CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ThreatPost•added 2020/01/10 5:16 p.m.•166 views

Lifeline Assistance Phone Users Targeted with 'Uninstallable' Adware

Government-funded, low-cost cell phones are shipping with pre-installed malware aimed at bombing users with unwanted ads, according to researchers. The UMX U686CL Android-based phone, which is made available to low-income citizens in the U.S. via the Lifeline Assistance Program for $35, uses a...

9.3CVSS8AI score0.00241EPSS

Exploits0References10

Malwarebytes•added 2018/10/29 3:0 p.m.•57 views

Mobile Menace Monday: top five scariest mobile threats

In the spirit of this upcoming Halloween season, we thought we'd provide you with a list of the top five scariest mobile threats in our book. The list is organized from least to most haunting, based on my own humble opinion gathered from several years as a mobile threat researcher. Of course, my...

7.1AI score

ThreatPost•added 2018/05/03 8:14 p.m.•7 views

Phone Maker BLU Settles with FTC Over Unauthorized User Data Extraction

Android phone-maker BLU Products agreed to a proposed settlement on Tuesday with the Federal Trade Commission, over allegations it allowed the third-party firm Adups Technology to collect detailed consumer data from users without their consent. In an administrative complaint filed earlier this we...

7.5AI score

Exploits0References6

Malwarebytes•added 2017/12/18 4:0 p.m.•24 views

Mobile Menace Monday: upping the ante on Adups

Adups is back on our radar. The same China-based company caught collecting an abundance of user data and creating a backdoor on mobile devices in 2016 has another malicious card to throw down. This time, it's an auto installer we detect as Android/PUP.Riskware.Autoins.Fota. We thought they cleane...

6.8AI score

ThreatPost•added 2017/10/12 10:0 a.m.•15 views

Down the Rabbit Hole with a BLU Phone Infection

When network administrator James Lockmuller bought 11 dirt-cheap Android phones via Amazon he thought he had a perfect solution for communicating with his warehouse team stretched across a 73,000 square-foot campus. He installed only Skype on the devices and planned to use the $50 BLU Studio X8 H...

7AI score

Exploits0References7

ThreatPost•added 2017/08/01 12:39 p.m.•9 views

Amazon Halts Sale of Android Blu Phone Amid Spyware Concerns

Android phone maker Blu Products was dealt a blow Monday when Amazon said it would no longer sell its phones, citing security and privacy issues. The phone maker came under scrutiny last week by researchers at Kryptowire during a Black Hat session where they criticized the company for collecting...

1.2AI score

Exploits0References2

ThreatPost•added 2017/07/26 8:57 p.m.•11 views

Android Spyware Still Collects PII Despite Outcry

UPDATE LAS VEGAS—Shanghai Adups Technology Co. was roundly criticized Wednesday during a Black Hat session for continuing to use spyware called Adups on at least two Android handset makers’ phones. Researchers said the company was still collecting personal identifiable information without user...

1.5AI score

CNVD•added 2017/03/27 12:0 a.m.•1 views

Adups Local Information Disclosure Vulnerability

Adups Fota is a professional wireless upgrade solution for IoT devices smart car, wearable, home, VR, etc. from Shanghai Guangsheng Information Technology Co. Adups suffers from a local information disclosure vulnerability. The vulnerability is caused by the AndroidManifest.xml file of the...

7.8CVSS6.3AI score0.00066EPSS

CNVD•added 2017/03/27 12:0 a.m.•1 views

Adups Local Elevation of Privilege Vulnerability

Adups Fota is a professional wireless upgrade solution for IoT devices smart car, wearable, home, VR, etc. from Shanghai Guangsheng Information Technology Co. Adups suffers from a local elevation of privilege vulnerability. The vulnerability is caused by setting the android: sharedUserId attribut...

7.8CVSS7AI score0.00052EPSS

CNVD•added 2017/03/27 12:0 a.m.•1 views

Adups Fota Information Disclosure Vulnerability

Adups Fota is a professional wireless upgrade solution for IoT devices smart car, wearable, home, VR, etc. from Shanghai Guangsheng Information Technology Co. Adups suffers from an information disclosure vulnerability. The vulnerability arises due to the AndroidManifest.xml file of the...

7.8CVSS7.1AI score0.00054EPSS

CNVD•added 2017/03/16 12:0 a.m.•2 views

Multiple Local Elevation of Privilege Vulnerabilities in Adups

Adups Fota is a professional wireless upgrade solution for IoT devices smart car, wearable, home, VR, etc. from Shanghai Guangsheng Information Technology Co. Adups suffers from multiple local elevation of privilege vulnerabilities. An attacker can exploit this vulnerability to elevate privileges...

7.8CVSS7.1AI score0.00048EPSS

Prion•added 2017/01/13 9:59 a.m.•35 views

Design/Logic Flaw

An issue was discovered on BLU Advance 5.0 and BLU R1 HD devices with Shanghai Adups software. The com.adups.fota.sysoper app is installed as a system app and cannot be disabled by the user. In the com.adups.fota.sysoper app's AndroidManifest.xml file, it sets the android:sharedUserId attribute t...

7.2CVSS7.7AI score0.00054EPSS

NVD•added 2017/01/13 9:59 a.m.•16 views

CVE-2016-10139

An issue was discovered on BLU R1 HD devices with Shanghai Adups software. The two package names involved in the exfiltration are com.adups.fota and com.adups.fota.sysoper. In the com.adups.fota.sysoper app's AndroidManifest.xml file, it sets the android:sharedUserId attribute to a value of...

7.8CVSS7.6AI score0.00048EPSS

NVD•added 2017/01/13 9:59 a.m.•13 views

CVE-2016-10137

An issue was discovered on BLU R1 HD devices with Shanghai Adups software. The content provider named com.adups.fota.sysoper.provider.InfoProvider in the app with a package name of com.adups.fota.sysoper allows any app on the device to read, write, and delete files as the system user. In the...

7.8CVSS7.5AI score0.00052EPSS

Prion•added 2017/01/13 9:59 a.m.•13 views

Design/Logic Flaw

7.2CVSS7AI score0.00052EPSS

NVD•added 2017/01/13 9:59 a.m.•12 views

CVE-2016-10138

7.8CVSS7.7AI score0.00054EPSS