CVE-2013-3666 – LG Optimus G Command Injection

https://notcve.org/view.php?id=CVE-2013-3666

The LG Hidden Menu component for Android on the LG Optimus G E973 allows physically proximate attackers to execute arbitrary commands by entering USB Debugging mode, using Android Debug Bridge (adb) to establish a USB connection, dialing 3845#*973#, modifying the WLAN Test Wi-Fi Ping Test/User Command tcpdump command string, and pressing the CANCEL button. El componente de menu oculto de LG (LG Hidden Menu) para Android en LG Optimus G E973 permite a atacantes físicamente próximos a ejecutar comandos arbitrarios entrando en el modo de depuración USB, utilizando Android Debug Bridge (adb) para establecer una conexión USB, marcando 3845#*973#, modificando la cadena de comandos WLAN test Wi-Fi Ping Test/User Command tcpdump, y pulsando el botón CANCEL. LG Optimus G E973 suffers from a command injection vulnerability. • http://seclists.org/fulldisclosure/2013/May/166 http://www.youtube.com/watch?v=ZfbDIpTY-t4 https://plus.google.com/110348415484169880343/posts/9KxBtkyuYcj • CWE-264: Permissions, Privileges, and Access Controls •