PT-2018-17660 · Google · Android Open Source Project

Published 2018-08-29 · Updated 2019-10-03 · CVE-2018-6598

CVSS v3.1: 7.1 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Orbic Wonder Orbic/RC555L version 7.1.2

Description

An issue allows any co-located app to send an intent to com.android.server.MasterClearReceiver to factory reset the device programmatically without requiring user interaction or permission. This results in the loss of all user data not backed up or synced externally. The capability to perform a factory reset is not directly available to third-party apps but is present in an unprotected component of the Android OS. This issue is not present in Google's Android Open Source Project (AOSP) code, indicating it was introduced by Orbic or another entity in the supply chain.

Recommendations

For Orbic Wonder Orbic/RC555L version 7.1.2, consider restricting access to the com.android.server.MasterClearReceiver component to prevent unauthorized factory resets until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
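
The following Python check is an added example, not part of the original advisory or any vendor code. It audits a decoded AndroidManifest.xml for the condition described above: a broadcast receiver that other apps can reach with no android:permission guard. The manifest fragment, the com.example receiver and the intent actions in it are constructed placeholders; android.permission.MASTER_CLEAR is the permission AOSP declares on this receiver.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed manifest fragment (not Orbic firmware); actions are placeholders.
WEAK_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android" package="android">
  <application>
    <receiver android:name="com.android.server.MasterClearReceiver">
      <intent-filter>
        <action android:name="example.placeholder.ACTION" />
      </intent-filter>
    </receiver>
    <receiver android:name="com.example.InternalReceiver"
              android:exported="false">
      <intent-filter>
        <action android:name="example.placeholder.INTERNAL" />
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

# Corrected form: senders must hold the named permission.
FIXED_MANIFEST = WEAK_MANIFEST.replace(
    'android:name="com.android.server.MasterClearReceiver"',
    'android:name="com.android.server.MasterClearReceiver"\n'
    '              android:permission="android.permission.MASTER_CLEAR"')


def unprotected_receivers(manifest_xml):
    """Names of receivers other apps can reach with no permission check."""
    root = ET.fromstring(manifest_xml)
    findings = []
    for app in root.iter("application"):
        app_perm = app.get(ANDROID + "permission")  # default for components
        for rcv in app.iter("receiver"):
            exported = rcv.get(ANDROID + "exported")
            if exported is None:
                # Pre-Android 12 default: exported when an intent filter exists.
                exported = "true" if rcv.find("intent-filter") is not None else "false"
            if exported == "true" and not (rcv.get(ANDROID + "permission") or app_perm):
                findings.append(rcv.get(ANDROID + "name"))
    return findings


if __name__ == "__main__":
    print("weak: ", unprotected_receivers(WEAK_MANIFEST))
    print("fixed:", unprotected_receivers(FIXED_MANIFEST))
```

The check expects text XML, so a binary manifest from a system image must be decoded first. A declared permission is only an effective guard when its protection level is signature or privileged, which this check does not resolve.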

Incorrect Permission

Weakness Enumeration

Related Identifiers

CVE-2018-6598

Affected Products

Android OS
Android Open Source Project
Orbic Wonder Orbic/RC555L