CVE-2019-15340

Name of the Vulnerable Software and Affected Versions Xiaomi Redmi 6 Pro Android device with a build fingerprint of xiaomi/sakura india/sakura india:8.1.0/OPM1.171019.019/V9.6.4.0.ODMMIFD:user/release-keys

Description The issue concerns a pre-installed app with a package name of com.huaqin.factory that allows any app co-located on the device to programmatically disable and enable Wi-Fi, Bluetooth, and GPS without the corresponding access permission through an exported interface.

Recommendations For the Xiaomi Redmi 6 Pro Android device, consider restricting the use of the com.huaqin.factory app until a patch is available. As a temporary workaround, consider disabling the interface that allows apps to disable and enable Wi-Fi, Bluetooth, and GPS without permission until a fix is provided. At the moment, there is no information about a newer version that contains a fix for this vulnerability.