CVE-2019-15358
Global infos:
The Dexp Z250 Android device with a build fingerprint of DEXP/Z250/Z250:8.1.0/O11019/1531130719:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.
CVE Status: Modified
References:
Metrics:
| Attribute | Value |
|---|---|
| Attack Complexity | LOW |
| Attack Vector | LOCAL |
| Availability Impact | NONE |
| Base Score | 5.5 |
| Base Severity | MEDIUM |
| Confidentiality Impact | NONE |
| Integrity Impact | HIGH |
| Privileges Required | LOW |
| Scope | UNCHANGED |
| User Interaction | NONE |
| Vector String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
| Exploitability Score | 1.8 |
| Impact Score | 3.6 |
| Source | [email protected] |
| Type | Primary |