EUVD-2019-6426

Malware in sbrugna...

CVE-2019-15393

The Asus ZenFone Live Android device with a build fingerprint of asus/WWPhone/ASUSX00LD3:7.1.1/NMF26F/14.0400.1806.203-20180720:user/release-keys contains a pre-installed app with a package name of com.asus.atd.smmitest app versionCode=1, versionName=1 that allows unauthorized wireless settings...

CVE-2019-15744

The Sony Xperia Xperia XZs Android device with a build fingerprint of Sony/keyakisoftbank/keyakisoftbank:7.1.1/TONE3-3.0.0-SOFTBANK-170517-0323/1:user/dev-keys contains a pre-installed app with a package name of jp.softbank.mb.tdrl app versionCode=1413005, versionName=1.3.0 that allows unauthoriz...

CVE-2019-15425

The Kata M4s Android device with a build fingerprint of alps/fullhct675066n/hct675066n:7.0/NRD90M/1495624556:user/test-keys contains a pre-installed app with a package name of com.mediatek.factorymode app versionCode=1, versionName=1 that allows unauthorized wireless settings modification via a...

CVE-2019-15423

The Bluboo BlubooS1 Android device with a build fingerprint of BLUBOO/BlubooS1/BlubooS1:7.0/NRD90M/1495809471:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app versionCode=1, versionName=1 that allows unauthorized wireless settings modification via...

CVE-2019-15415

The Xiaomi Redmi 5 Android device with a build fingerprint of xiaomi/vince/vince:7.1.2/N2G47H/V9.5.4.0.NEGMIFA:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app versionCode=1, versionName=QL1711201803291645 that allows unauthorized wireless settings...

CVE-2019-15393

The Asus ZenFone Live Android device with a build fingerprint of asus/WWPhone/ASUSX00LD3:7.1.1/NMF26F/14.0400.1806.203-20180720:user/release-keys contains a pre-installed app with a package name of com.asus.atd.smmitest app versionCode=1, versionName=1 that allows unauthorized wireless settings...

Design/Logic Flaw

The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaomi/daisy/daisysprout:9/PKQ1.180917.001/V10.0.3.0.PDLMIXM:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app versionCode=1, versionName=QL1715201812071953 that allows unauthorized wireles...

Code injection

The Kata M4s Android device with a build fingerprint of alps/fullhct675066n/hct675066n:7.0/NRD90M/1495624556:user/test-keys contains a pre-installed app with a package name of com.mediatek.factorymode app versionCode=1, versionName=1 that allows unauthorized wireless settings modification via a...

Code injection

The Asus ZenFone 5 Selfie Android device with a build fingerprint of asus/WWPhone/ASUSX017D1:7.1.1/NMF26F/14.0400.1810.061-20181107:user/release-keys contains a pre-installed app with a package name of com.asus.atd.smmitest app versionCode=1, versionName=1 that allows unauthorized wireless settin...

Code injection

The Asus ZenFone Live Android device with a build fingerprint of asus/WWPhone/ASUSX00LD3:7.1.1/NMF26F/14.0400.1806.203-20180720:user/release-keys contains a pre-installed app with a package name of com.asus.atd.smmitest app versionCode=1, versionName=1 that allows unauthorized wireless settings...

Code injection

The Blackview BV7000Pro Android device with a build fingerprint of Blackview/BV7000Pro/BV7000Pro:7.0/NRD90M/1493011204:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app versionCode=1, versionName=1 that allows unauthorized wireless settings...

CVE-2019-15467

CVE-2019-15467 affects Xiaomi Mi Mix 2S on Android (build fingerprint Xiaomi/polaris/polaris:8.0.0/OPR1.170623.032/V9.5.19.0.ODGMIFA:user/release-keys). A pre-installed app with package name com.huaqin.factory app (versionCode=1, versionName=A2060_201801032053) allows unauthorized wireless settin...

CVE-2019-15467

The Xiaomi Mi Mix 2S Android device with a build fingerprint of Xiaomi/polaris/polaris:8.0.0/OPR1.170623.032/V9.5.19.0.ODGMIFA:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app versionCode=1, versionName=A2060201801032053 that allows unauthorized wireles...

CVE-2019-15466

CVE-2019-15466 concerns a vulnerability on the Xiaomi Redmi 6 Pro (build fingerprint: xiaomi/sakura_india/sakura_india:8.1.0/OPM1.171019.019/V10.2.6.0.ODMMIXM:user/release-keys). The issue arises from a pre-installed app with package name com.huaqin.factory app that allows unauthorized wireless s...

CVE-2019-15427

The Xiaomi Mi Mix Android device with a build fingerprint of Xiaomi/lithium/lithium:6.0.1/MXB48T/7.1.5:user/release-keys contains a pre-installed app with a package name of com.miui.powerkeeper app versionCode=40000, versionName=4.0.00 that allows unauthorized wireless settings modification via a...

CVE-2019-15425

The Kata M4s Android device with a build fingerprint of alps/fullhct675066n/hct675066n:7.0/NRD90M/1495624556:user/test-keys contains a pre-installed app with a package name of com.mediatek.factorymode app versionCode=1, versionName=1 that allows unauthorized wireless settings modification via a...

CVE-2019-15415

The Xiaomi Redmi 5 Android device with a build fingerprint of xiaomi/vince/vince:7.1.2/N2G47H/V9.5.4.0.NEGMIFA:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app versionCode=1, versionName=QL1711201803291645 that allows unauthorized wireless settings...

CVE-2019-15394

The Asus ZenFone 5 Selfie Android device with a build fingerprint of asus/WWPhone/ASUSX017D1:7.1.1/NMF26F/14.0400.1810.061-20181107:user/release-keys contains a pre-installed app with a package name of com.asus.atd.smmitest app versionCode=1, versionName=1 that allows unauthorized wireless settin...

CVE-2019-15393

The Asus ZenFone Live Android device with a build fingerprint of asus/WWPhone/ASUSX00LD3:7.1.1/NMF26F/14.0400.1806.203-20180720:user/release-keys contains a pre-installed app with a package name of com.asus.atd.smmitest app versionCode=1, versionName=1 that allows unauthorized wireless settings...