CVE-2019-15339

Name of the Vulnerable Software and Affected Versions Lava Z60s Android device with a build fingerprint of LAVA/Z60s/Z60s:8.1.0/O11019/1530331229:user/release-keys com.android.lava.powersave app version v4.0.27

Description The issue concerns a pre-installed app that allows any co-located app to disable and enable Wi-Fi without the necessary access permission. This is possible through an exported interface.

Recommendations For the Lava Z60s Android device, consider disabling the com.android.lava.powersave app until a patch is available. Restrict access to the exported interface of the com.android.lava.powersave app to minimize the risk of exploitation. Avoid using the affected device for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.