PT-2024-16375 · Transsion · Infinix
Szymon Chadam
·
Published
2024-12-04
·
Updated
2024-12-04
·
CVE-2024-10576
CVSS v4.0
9.4
Critical
| Vector | AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:X/R:I/V:D/RE:X/U:Amber |
Name of the Vulnerable Software and Affected Versions
Infinix devices (affected versions not specified)
Description
The issue concerns a pre-loaded application
com.transsion.agingfunction that exposes an unsecured broadcast receiver. An attacker can communicate with the receiver and force the device to perform a factory reset without any Android system permissions. It is supposed that this problem affects all Infinix Mobile devices, as no response was received from the vendor after multiple attempts to contact them.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Infinix