PT-2019-14066 · Google+1 · Android+2

Published

2019-11-14

Updated

2019-11-22

CVE-2019-15337

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Lava Z81 Android device with a build fingerprint of LAVA/Z81/Z81:8.1.0/O11019/1532317309:user/release-keys com.android.lava.powersave app version v4.0.31

Description The issue concerns a pre-installed app on the Lava Z81 Android device that allows any co-located app to disable and enable Wi-Fi without the necessary access permission. This is possible due to an exported interface in the com.android.lava.powersave app.

Recommendations For the Lava Z81 Android device, consider disabling the com.android.lava.powersave app until a patch is available to prevent unauthorized Wi-Fi control. For the com.android.lava.powersave app version v4.0.31, restrict access to the exported interface to minimize the risk of exploitation.

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

CVE-2019-15337

Affected Products

Android

Lava Z81

Com.Android.Lava.Powersave

PT-2019-14066 · Google+1 · Android+2

CVE-2019-15337

Weakness Enumeration

Related Identifiers

Affected Products

References · 2