PT-2019-14064 · Google+1 · Android+2
Publicado
2019-11-14
·
Atualizado
2019-11-22
·
CVE-2019-15335
CVSS v2.0
2.1
Baixa
| Vetor | AV:L/AC:L/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Lava Z92 Android device with a build fingerprint of LAVA/Z92/Z92:8.1.0/O11019/1535088037:user/release-keys
com.android.lava.powersave app version v4.0.27
Description
The issue concerns a pre-installed app on the Lava Z92 Android device that allows any co-located app to disable and enable Wi-Fi without the necessary access permission. This is possible through an exported interface in the com.android.lava.powersave app.
Recommendations
For the Lava Z92 Android device, consider disabling the com.android.lava.powersave app until a patch is available to prevent unauthorized Wi-Fi control.
For the com.android.lava.powersave app version v4.0.27, restrict access to the exported interface to minimize the risk of exploitation.
Correção
Incorrect Permission
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Android
Lava Z92
Com.Android.Lava.Powersave