4 matches found
CVE-2018-15002
The Vivo V7 device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys allows any app co-located on the device to set system properties as the com.android.phone user. The com.qualcomm.qti.modemtestmode app versionCode=25, versionName=7.1.2 that contains an...
Code injection
The Vivo V7 device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys allows any app co-located on the device to set system properties as the com.android.phone user. The com.qualcomm.qti.modemtestmode app versionCode=25, versionName=7.1.2 that contains an...
CVE-2018-15002
The Vivo V7 device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys allows any app co-located on the device to set system properties as the com.android.phone user. The com.qualcomm.qti.modemtestmode app versionCode=25, versionName=7.1.2 that contains an...
CVE-2018-15002
Summary: CVE-2018-15002 affects the Vivo V7 on specific build fingerprints. The issue arises because the com.qualcomm.qti.modemtestmode.MbnTestService, exposed by the modemtestmode app, lets any co-located app supply key–value pairs to set system properties as the com.android.phone user. A key de...