PT-2019-14064 · Google+1 · Android+2

Published

2019-11-14

Updated

2019-11-22

CVE-2019-15335

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Lava Z92 Android device with a build fingerprint of LAVA/Z92/Z92:8.1.0/O11019/1535088037:user/release-keys com.android.lava.powersave app version v4.0.27

Description The issue concerns a pre-installed app on the Lava Z92 Android device that allows any co-located app to disable and enable Wi-Fi without the necessary access permission. This is possible through an exported interface in the com.android.lava.powersave app.

Recommendations For the Lava Z92 Android device, consider disabling the com.android.lava.powersave app until a patch is available to prevent unauthorized Wi-Fi control. For the com.android.lava.powersave app version v4.0.27, restrict access to the exported interface to minimize the risk of exploitation.

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

CVE-2019-15335

Affected Products

Android

Lava Z92

Com.Android.Lava.Powersave

PT-2019-14064 · Google+1 · Android+2

CVE-2019-15335

Weakness Enumeration

Related Identifiers

Affected Products

References · 2