CVE-2019-15338

Published at:
2019-11-14T17:15:15.210
Source: [email protected]

Global infos:

The Lava Iris 88 Lite Android device with a build fingerprint of LAVA/iris88_lite/iris88_lite:8.1.0/O11019/1536323070:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface.

CVE Status: Modified

References:

  • [email protected]
  • af854a3a-2127-422b-91ae-364da2661108
    •

    Metrics:

    AttributeValue
    Attack ComplexityLOW
    Attack VectorLOCAL
    Availability ImpactNONE
    Base Score3.3
    Base SeverityLOW
    Confidentiality ImpactNONE
    Integrity ImpactLOW
    Privileges RequiredLOW
    ScopeUNCHANGED
    User InteractionNONE
    Vector StringCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
    Exploitability Score1.8
    Impact Score1.4
    Source[email protected]
    TypePrimary

    Links:

    Exploit-db
    Github

    Most recherched CVEs
    Popular Keywords