Szymon Chadam

**Name of the Vulnerable Software and Affected Versions** Bluebird barcode scanner application versions prior to 1.3.3 **Description** The barcode scanner application on Bluebird devices exposes an unsecured broadcast receiver, `kr.co.bluebird.android.bbsettings.BootReceiver`. A local attacker can exploit this to overwrite files containing the ".json" keyword with a default barcode configuration file. The application lacks protection against path traversal vulnerabilities when specifying the file name, allowing overwriting of files in any location. **Recommendations** Update the barcode scanner application to version 1.3.3 or later.

**Name of the Vulnerable Software and Affected Versions** Bluebird devices versions prior to 1.1.2 **Description** Bluebird devices contain a pre-loaded kiosk application that exposes an unsecured service provider, `com.bluebird.kiosk.launcher.IpartnerKioskRemoteService`. A local attacker can bind to the AIDL-type service to modify device’s global settings and wallpaper image. **Recommendations** Bluebird devices versions prior to 1.1.2: Update to version 1.1.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Bluebird devices version 1.4.4 Bluebird devices version 1.3.6 **Description** Bluebird devices contain a pre-loaded file manager application that exposes an unsecured service provider `com.bluebird.system.koreanpost.IsdcardRemoteService`. A local attacker can bind to the AIDL-type service to copy and delete arbitrary files from the device's storage with system-level permissions. **Recommendations** Update Bluebird devices from version 1.4.4 to a newer, non-vulnerable version. Revert Bluebird devices from version 1.4.4 to version 1.3.6.

**Name of the Vulnerable Software and Affected Versions** com.pri.applock version 13 (version code: 33) com.pri.applock (affected versions not specified) **Description** The application "com.pri.applock" allows users to encrypt applications using a PIN code or biometric data. However, the "com.android.providers.settings.fingerprint.PriFpShareProvider" content provider's public method `query()` can be exploited by malicious applications to exfiltrate the PIN code without requiring any Android system permissions. **Recommendations** For version 13 (version code: 33), consider restricting access to the `query()` method of the "com.android.providers.settings.fingerprint.PriFpShareProvider" content provider to prevent PIN code exfiltration. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android based smartphones from vendors such as Ulefone and Krüger&Matz contain "com.pri.factorytest" application version 1.0 **Description** The issue concerns an application named "com.pri.factorytest" that is preloaded onto Android-based smartphones during the manufacturing process. This application exposes a service called "com.pri.factorytest.emmc.FactoryResetService" that allows any application to perform a factory reset of the device. The application update did not change the APK version but was included in OS builds released after December 2024 for Ulefone and possibly after March 2025 for Krüger&Matz. **Recommendations** For devices with the "com.pri.factorytest" application version 1.0, consider disabling the `com.pri.factorytest.emmc.FactoryResetService` service to prevent unauthorized factory resets until a patched version is available. As a temporary workaround, restrict access to the "com.pri.factorytest" application to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** com.pri.applock version 13 (version code: 33) **Description** The issue allows a malicious application to inject an arbitrary intent with system-level privileges to a protected application. This can be done by exploiting the exposed "com.pri.applock.LockUI" activity, which does not require any granted Android system permissions. To successfully inject the intent, the malicious application must know the protecting PIN number or ask the user to provide it. **Recommendations** For version 13 (version code: 33), consider restricting access to the `com.pri.applock.LockUI` activity to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Infinix devices (affected versions not specified) **Description** The issue concerns a pre-loaded application `com.rlk.weathers` that exposes an unsecured content provider, allowing an attacker to communicate with the provider and reveal the user's location without any privileges. After multiple attempts to contact the vendor, no response was received, leading to the assumption that this problem affects all Infinix Mobile devices. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Infinix devices (affected versions not specified) **Description** The issue concerns a pre-loaded application `com.transsion.agingfunction` that exposes an unsecured broadcast receiver. An attacker can communicate with the receiver and force the device to perform a factory reset without any Android system permissions. It is supposed that this problem affects all Infinix Mobile devices, as no response was received from the vendor after multiple attempts to contact them. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TCL products (affected versions not specified) **Description** The default TCL Camera application has a path traversal vulnerability in its provider. A malicious application can supply a malicious URI path, allowing it to delete arbitrary files from the user's external storage. There have been reports of this issue being exploited for remote code execution in specific TCL product models. **Recommendations** Update to the latest firmware as detailed in the advisory to resolve the issue. As a temporary workaround, consider restricting access to the TCL Camera application's provider to minimize the risk of exploitation. Ensure you follow the remediation guidelines provided to mitigate risks associated with this issue. At the moment, there is no information about specific versions that contain a fix for this vulnerability, so updating to the latest firmware is the recommended course of action.