CVE-2018-14985

Name of the Vulnerable Software and Affected Versions Leagoo Z5C Android device with a build fingerprint of sp7731c 1h10 32v4 bird:6.0/MRA58K/android.20170629.214736:user/release-keys

Description The device contains a pre-installed platform app with a package name of com.android.settings that has an exported broadcast receiver. This allows any app on the device to initiate a factory reset programmatically without requiring any permissions. A factory reset will remove all user data and apps, resulting in data loss if not backed up or synced externally.

Recommendations For the Leagoo Z5C Android device, consider disabling the com.android.settings app or restricting its functionality to prevent unauthorized factory resets until a patch is available.