PT-2024-17855 · Infinix · Infinix Mobile
Szymon Chadam
·
Published
2024-12-30
·
Updated
2024-12-30
·
CVE-2024-12993
CVSS v4.0
4.8
Medium
| Vector | AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Infinix devices (affected versions not specified)
Description
The issue concerns a pre-loaded application
com.rlk.weathers that exposes an unsecured content provider, allowing an attacker to communicate with the provider and reveal the user's location without any privileges. After multiple attempts to contact the vendor, no response was received, leading to the assumption that this problem affects all Infinix Mobile devices.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Infinix Mobile