CVE-2019-15430

Name of the Vulnerable Software and Affected Versions Bluboo D3 Pro Android device with a build fingerprint of BLUBOO/Bluboo D2 Pro/Bluboo D2 Pro:7.0/NRD90M/1510370501:user/release-keys

Description The issue concerns a pre-installed app with a package name of com.qiku.cleaner that allows other pre-installed apps to modify system properties. This is possible because the app component is accessible, and the required signatureOrSystem permissions can be obtained by any pre-installed app on the device. The app in question has a versionCode of 2 and a versionName of 2.0.0 VER 32516508295515.

Recommendations For the Bluboo D3 Pro Android device, consider restricting access to the com.qiku.cleaner app to minimize the risk of system properties modification by other pre-installed apps. At the moment, there is no information about a newer version that contains a fix for this vulnerability.