CVE-2018-15006

Name of the Vulnerable Software and Affected Versions ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys

Description The device contains a pre-installed platform app with a package name of com.android.zte.hiddenmenu that has an exported broadcast receiver app component named com.android.zte.hiddenmenu.CommandReceiver. This component is accessible to any app co-located on the device and can write a non-standard command to the /cache/recovery/command file when it receives a broadcast intent with a certain action string. As a result, the device will crash, boot into recovery mode, and crash again, creating a crash loop that makes the device unusable.

Recommendations For the ZTE ZMAX Champ Android device with the specified build fingerprint, consider disabling the com.android.zte.hiddenmenu.CommandReceiver component to prevent the crash loop. At the moment, there is no information about a newer version that contains a fix for this vulnerability.