15 matches found
CVE-2018-14997
The Leagoo P1 Android device with a build fingerprint of sp7731c1h1032v4bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains the android framework i.e., systemserver with a package name of android that has been modified by Leagoo or another entity in the supply chain. The systemserv...
EUVD-2018-6880
Malware in sbrugna...
EUVD-2018-6881
Malware in sbrugna...
EUVD-2018-6879
Malware in sbrugna...
CVE-2018-14999
The Leagoo P1 device with a build fingerprint of sp7731c1h1032v4bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a pre-installed platform app with a package name of com.wtk.factory versionCode=1, versionName=1.0 that contains an exported broadcast receiver named...
CVE-2018-14999
The Leagoo P1 device with a build fingerprint of sp7731c1h1032v4bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a pre-installed platform app with a package name of com.wtk.factory versionCode=1, versionName=1.0 that contains an exported broadcast receiver named...
Design/Logic Flaw
The Leagoo P1 device with a build fingerprint of sp7731c1h1032v4bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a pre-installed platform app with a package name of com.wtk.factory versionCode=1, versionName=1.0 that contains an exported broadcast receiver named...
Authentication flaw
The Leagoo P1 Android device with a build fingerprint of sp7731c1h1032v4bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains the android framework i.e., systemserver with a package name of android that has been modified by Leagoo or another entity in the supply chain. The systemserv...
CVE-2018-14999
The Leagoo P1 device with a build fingerprint of sp7731c1h1032v4bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a pre-installed platform app with a package name of com.wtk.factory versionCode=1, versionName=1.0 that contains an exported broadcast receiver named...
CVE-2018-14999
The CVE-2018-14999 entry describes a vulnerability in the Leagoo P1 where a pre-installed platform app com.wtk.factory contains an exported broadcast receiver (MMITestReceiver) that lets any co-located app trigger a factory reset without permissions. This could wipe all user data and apps on the ...
CVE-2018-14997
CVE-2018-14997 concerns a modified Leagoo P1 Android build where the system_server in the core Android package exposes an exported broadcast receiver that lets apps on the device take a screenshot and save it to external storage. The vulnerability arises from this capability being accessible to a...
CVE-2018-14998
The Leagoo P1 Android device with a build fingerprint of sp7731c1h1032v4bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a hidden root privilege escalation capability to achieve command execution as the root user. They have made modifications that allow a user with physical acce...
Privilege escalation
The Leagoo P1 Android device with a build fingerprint of sp7731c1h1032v4bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a hidden root privilege escalation capability to achieve command execution as the root user. They have made modifications that allow a user with physical acce...
CVE-2018-14998
CVE-2018-14998 concerns the Leagoo P1 Android device where a hidden root privilege escalation allows a user with physical access to obtain a root shell via ADB. The root cause is the ability to modify read-only system properties at runtime by altering ro.debuggable and ro.secure , then restarting...
CVE-2018-14998
The Leagoo P1 Android device with a build fingerprint of sp7731c1h1032v4bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a hidden root privilege escalation capability to achieve command execution as the root user. They have made modifications that allow a user with physical acce...