PT-2019-14063 · Lava+1 · Lava Iris 88 Go+2

Published

2019-11-14

Updated

2019-11-22

CVE-2019-15334

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Lava Iris 88 Go Android device with a build fingerprint of LAVA/iris88 go/iris88 go:8.1.0/O11019/1538188945:user/release-keys com.android.lava.powersave app version v4.0.27

Description The issue concerns a pre-installed app that allows any co-located app to disable and enable Wi-Fi without the necessary access permission. This is possible through an exported interface.

Recommendations For the Lava Iris 88 Go Android device, consider disabling the com.android.lava.powersave app until a patch is available. Restrict access to the exported interface of the com.android.lava.powersave app to minimize the risk of exploitation.

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

CVE-2019-15334

Affected Products

Android

Lava Iris 88 Go

Com.Android.Lava.Powersave

PT-2019-14063 · Lava+1 · Lava Iris 88 Go+2

CVE-2019-15334

Weakness Enumeration

Related Identifiers

Affected Products

References · 2