PT-2025-23310 · Unknown · Com.Pri.Factorytest

Szymon Chadam · Published 2025-05-30 · Updated 2025-06-13 · CVE-2024-13915

CVSS v4.0: 6.9 (Medium)

Vector: AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions

Android-based smartphones from vendors such as Ulefone and Krüger&Matz contain the "com.pri.factorytest" application, version 1.0.

Description

The issue concerns an application named "com.pri.factorytest" that is preloaded onto Android-based smartphones during the manufacturing process. This application exposes a service called "com.pri.factorytest.emmc.FactoryResetService" that allows any application to perform a factory reset of the device. The application update did not change the APK version, but it was included in OS builds released after December 2024 for Ulefone and possibly after March 2025 for Krüger&Matz.

Recommendations

For devices with the "com.pri.factorytest" application version 1.0, consider disabling the "com.pri.factorytest.emmc.FactoryResetService" service to prevent unauthorized factory resets until a patched version is available. As a temporary workaround, restrict access to the "com.pri.factorytest" application to minimize the risk of exploitation.
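A defender-side check for the kind of exposure described above, as an added example that is not part of the advisory or the vendor's code: it scans a decoded AndroidManifest.xml for services that other apps can reach without holding any permission. The sample manifest is constructed (the advisory does not publish the real one), and `unprotected_services`, `.HypotheticalDiagService` and `.HypotheticalLocalService` are illustrative names.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample, NOT the real manifest of com.pri.factorytest; the
# attributes on FactoryResetService are an assumption made for illustration.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.pri.factorytest">
  <application>
    <service android:name=".emmc.FactoryResetService" android:exported="true" />
    <service android:name=".HypotheticalDiagService" android:exported="true"
             android:permission="android.permission.MASTER_CLEAR" />
    <service android:name=".HypotheticalLocalService" android:exported="false" />
  </application>
</manifest>
"""

def unprotected_services(manifest_xml):
    """Return services any installed app can start or bind with no permission."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    app = root.find("application")
    if app is None:
        return []
    app_permission = app.get(ANDROID + "permission")
    findings = []
    for svc in app.findall("service"):
        exported = svc.get(ANDROID + "exported")
        if exported is None:
            # Legacy default (targetSdk < 31): an intent-filter implies exported.
            is_exported = svc.find("intent-filter") is not None
        else:
            is_exported = exported.lower() == "true"
        enabled = (svc.get(ANDROID + "enabled") or "true").lower() != "false"
        # A service without its own permission inherits the <application> one.
        permission = svc.get(ANDROID + "permission") or app_permission
        if is_exported and enabled and not permission:
            name = svc.get(ANDROID + "name", "")
            if name.startswith("."):
                name = package + name          # ".emmc.X" is package-relative
            elif "." not in name:
                name = package + "." + name    # bare class name
            findings.append(name)
    return findings

if __name__ == "__main__":
    for name in unprotected_services(SAMPLE_MANIFEST):
        print("exported without permission:", name)
```

A declared permission still needs review, since a permission with protection level `normal` is granted to any app that requests it.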

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2024-13915

Affected Products

Com.Pri.Factorytest