21 matches found
EUVD-2016-1325
Malware in sbrugna...
EUVD-2016-1326
Malware in sbrugna...
EUVD-2016-1328
Malware in sbrugna...
Authentication flaw
An issue was discovered on BLU R1 HD devices with Shanghai Adups software. The content provider named com.adups.fota.sysoper.provider.InfoProvider in the app with a package name of com.adups.fota.sysoper allows any app on the device to read, write, and delete files as the system user. In the...
Design/Logic Flaw
An issue was discovered on BLU R1 HD devices with Shanghai Adups software. The two package names involved in the exfiltration are com.adups.fota and com.adups.fota.sysoper. In the com.adups.fota.sysoper app's AndroidManifest.xml file, it sets the android:sharedUserId attribute to a value of...
Design/Logic Flaw
An issue was discovered on BLU R1 HD devices with Shanghai Adups software. The content provider named com.adups.fota.sysoper.provider.InfoProvider in the app with a package name of com.adups.fota.sysoper allows any app on the device to read, write, and delete files as the system user. In the...
CVE-2016-10139
An issue was discovered on BLU R1 HD devices with Shanghai Adups software. The two package names involved in the exfiltration are com.adups.fota and com.adups.fota.sysoper. In the com.adups.fota.sysoper app's AndroidManifest.xml file, it sets the android:sharedUserId attribute to a value of...
CVE-2016-10136
An issue was discovered on BLU R1 HD devices with Shanghai Adups software. The content provider named com.adups.fota.sysoper.provider.InfoProvider in the app with a package name of com.adups.fota.sysoper allows any app on the device to read, write, and delete files as the system user. In the...
CVE-2016-10138
An issue was discovered on BLU Advance 5.0 and BLU R1 HD devices with Shanghai Adups software. The com.adups.fota.sysoper app is installed as a system app and cannot be disabled by the user. In the com.adups.fota.sysoper app's AndroidManifest.xml file, it sets the android:sharedUserId attribute t...
CVE-2016-10137
An issue was discovered on BLU R1 HD devices with Shanghai Adups software. The content provider named com.adups.fota.sysoper.provider.InfoProvider in the app with a package name of com.adups.fota.sysoper allows any app on the device to read, write, and delete files as the system user. In the...
Input validation
An issue was discovered on LG devices using the MTK chipset with L5.0/5.1, M6.0/6.0.1, and N7.0 software, and RCA Voyager Tablet, BLU Advance 5.0, and BLU R1 HD devices. The MTKLogger app with a package name of com.mediatek.mtklogger has application components that are accessible to any applicati...
CVE-2016-10139
An issue was discovered on BLU R1 HD devices with Shanghai Adups software. The two package names involved in the exfiltration are com.adups.fota and com.adups.fota.sysoper. In the com.adups.fota.sysoper app's AndroidManifest.xml file, it sets the android:sharedUserId attribute to a value of...
CVE-2016-10139
The CVE-2016-10139 issue affects BLU R1 HD devices running Shanghai Adups software. The com.adups.fota.sysoper app declares android:sharedUserId as android.uid.system, allowing it to run as the privileged system user and grant additional permissions not listed in its manifest. This enables access...
CVE-2016-10137
An issue was discovered on BLU R1 HD devices with Shanghai Adups software. The content provider named com.adups.fota.sysoper.provider.InfoProvider in the app with a package name of com.adups.fota.sysoper allows any app on the device to read, write, and delete files as the system user. In the...
CVE-2016-10136
An issue was discovered on BLU R1 HD devices with Shanghai Adups software. The content provider named com.adups.fota.sysoper.provider.InfoProvider in the app with a package name of com.adups.fota.sysoper allows any app on the device to read, write, and delete files as the system user. In the...
CVE-2016-10138
An issue was discovered on BLU Advance 5.0 and BLU R1 HD devices with Shanghai Adups software. The com.adups.fota.sysoper app is installed as a system app and cannot be disabled by the user. In the com.adups.fota.sysoper app's AndroidManifest.xml file, it sets the android:sharedUserId attribute t...
CVE-2016-10137
CVE-2016-10137 affects BLU R1 HD devices running Shanghai Adups software. The vulnerability arises from the com.adups.fota.sysoper app (package com.adups.fota.sysoper) exposing InfoProvider to any app on the device, coupled with android:sharedUserId set to android.uid.system, causing execution as...
CVE-2016-10138
CVE-2016-10138 affects BLU Advance 5.0 and BLU R1 HD running Shanghai Adups software. The com.adups.fota.sysoper app is installed as a system app and sets android:sharedUserId to android.uid.system, causing it to run as the system user. It exposes an exported broadcast receiver (com.adups.fota.sy...
CVE-2016-10136
CVE-2016-10136 affects BLU R1 HD devices with Shanghai Adups software. The com.adups.fota.sysoper provider InfoProvider, in the com.adups.fota.sysoper app, sets android:sharedUserId to android.uid.system, enabling any app on the device to read, write, and delete files as the system user. This can...
CVE-2016-10135
Technical details for CVE-2016-10135 are not publicly provided in the supplied documents; monitor for updates as connected sources do not reveal affected components or remediation.