PT-2019-14098 · Lava+1 · Lava Z61 Turbo+1

Published

2019-11-14

Updated

2020-08-24

CVE-2019-15369

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Lava Z61 Turbo Android device with a build fingerprint of LAVA/Z61 Turbo/Z61 Turbo:8.1.0/O11019/1536917928:user/release-keys

Description The issue concerns a pre-installed app with a package name of com.mediatek.wfo.impl that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.

Recommendations For the Lava Z61 Turbo Android device, consider restricting access to the com.mediatek.wfo.impl app to minimize the risk of exploitation until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2019-15369

Affected Products

Android

Lava Z61 Turbo

PT-2019-14098 · Lava+1 · Lava Z61 Turbo+1

CVE-2019-15369

Related Identifiers

Affected Products

References · 2