PT-2019-14116 · Archos+1 · Archos Core 101+1

Published

2019-11-14

Updated

2020-08-24

CVE-2019-15387

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Archos Core 101 Android device with a build fingerprint of archos/MTKAC101CR3G ARCHOS/ac101cr3g:7.0/NRD90M/20180611.034442:user/release-keys

Description The issue concerns a pre-installed app with a package name of com.roco.autogen that allows any co-located app to disable and enable Wi-Fi without the necessary access permission. This is possible due to an exported interface.

Recommendations For the Archos Core 101 Android device, consider disabling the com.roco.autogen app to prevent unauthorized access to Wi-Fi settings until a patch is available. Restricting the use of the exported interface in the com.roco.autogen app can also help minimize the risk of exploitation.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2019-15387

Affected Products

Android

Archos Core 101

PT-2019-14116 · Archos+1 · Archos Core 101+1

CVE-2019-15387

Weakness Enumeration

Related Identifiers

Affected Products

References · 2