CVE-2023-38292

Name of the Vulnerable Software and Affected Versions TCL 20XE Android device versions with software build fingerprints TCL/5087Z BO/Doha TMO:11/RP1A.200720.011/PB7I-0:user/release-keys and TCL/5087Z BO/Doha TMO:11/RP1A.200720.011/PB83-0:user/release-keys

Description The issue concerns a pre-installed app with the package name com.tct.gcs.hiddenmenuproxy (versionCode='2', versionName='v11.0.1.0.0201.0') that has inadequate access control, allowing local third-party apps to perform a factory reset programmatically. No permissions or special privileges are necessary to exploit this issue, and no user interaction is required beyond installing and running a third-party app. The vulnerable app sends a broadcast intent to the exported com.tct.gcs.hiddenmenuproxy/.rtn.FactoryResetReceiver receiver component, which initiates a programmatic factory reset.

Recommendations For the affected TCL 20XE Android device versions with software build fingerprints TCL/5087Z BO/Doha TMO:11/RP1A.200720.011/PB7I-0:user/release-keys and TCL/5087Z BO/Doha TMO:11/RP1A.200720.011/PB83-0:user/release-keys, consider disabling the com.tct.gcs.hiddenmenuproxy app to prevent potential exploitation until a patch is available. As a temporary workaround, restrict access to the com.tct.gcs.hiddenmenuproxy/.rtn.FactoryResetReceiver receiver component to minimize the risk of exploitation.