PT-2019-9080 · Plum+1 · Plum Compass+1

Published: 2019-04-25 · Updated: 2019-05-02 · CVE-2018-14989

CVSS v2.0: 9.4 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Plum Compass Android device with a build fingerprint of PLUM/c179 hwf 221/c179 hwf 221:6.0/MRA58K/W16.51.5-22:user/release-keys

Description

The issue concerns a pre-installed platform app with a package name of com.android.settings that contains an exported broadcast receiver app component. This component allows any app co-located on the device to programmatically perform a factory reset without requiring any permissions. As a result, all user data and apps will be removed from the device, leading to data loss if not backed up or synced externally.

Recommendations

For the Plum Compass Android device with the specified build fingerprint, consider disabling the com.android.settings app component to prevent unauthorized factory resets until a patch is available. Restrict access to the device to minimize the risk of exploitation. Avoid using apps that may leverage the unprotected app component of the pre-installed platform app.

Related Identifiers

CVE-2018-14989

Affected Products

Android
Plum Compass