
CVE-2019-15915
https://notcve.org/view.php?id=CVE-2019-15915
20 Dec 2019 — An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, RTCGQ01LM devices. Attackers can utilize the "discover ZigBee network procedure" to perform a denial of service attack. • https://github.com/chengcheng227/CVE-POC/blob/master/CVE-2019-15915.md • CWE-20: Improper Input Validation •

CVE-2019-15475
https://notcve.org/view.php?id=CVE-2019-15475
14 Nov 2019 — The Xiaomi Mi A3 Android device with a build fingerprint of xiaomi/onc_eea/onc:9/PKQ1.181021.001/V10.2.8.0.PFLEUXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=28, versionName=9) that allows unauthorized microphone audio recording via a confused deputy attack. This capability can be accessed by any app co-located on the device. This app allows a third-party app to use its open interface to record telephone calls to external storage. ... • https://www.kryptowire.com/android-firmware-2019 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •

CVE-2019-15474
https://notcve.org/view.php?id=CVE-2019-15474
14 Nov 2019 — The Xiaomi Cepheus Android device with a build fingerprint of Xiaomi/cepheus/cepheus:9/PKQ1.181121.001/V10.2.6.0.PFAMIXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=28, versionName=9) that allows unauthorized microphone audio recording via a confused deputy attack. This capability can be accessed by any app co-located on the device. This app allows a third-party app to use its open interface to record telephone calls to external sto... • https://www.kryptowire.com/android-firmware-2019 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •

CVE-2019-15473
https://notcve.org/view.php?id=CVE-2019-15473
14 Nov 2019 — The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaomi/jasmine/jasmine_sprout:9/PKQ1.180904.001/V10.0.2.0.PDIMIFJ:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=28, versionName=9) that allows unauthorized microphone audio recording via a confused deputy attack. This capability can be accessed by any app co-located on the device. This app allows a third-party app to use its open interface to record telephone calls to ex... • https://www.kryptowire.com/android-firmware-2019 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •

CVE-2019-15472
https://notcve.org/view.php?id=CVE-2019-15472
14 Nov 2019 — The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaomi/daisy/daisy_sprout:9/PKQ1.180917.001/V10.0.3.0.PDLMIXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=28, versionName=9) that allows unauthorized microphone audio recording via a confused deputy attack. This capability can be accessed by any app co-located on the device. This app allows a third-party app to use its open interface to record telephone calls to extern... • https://www.kryptowire.com/android-firmware-2019 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •

CVE-2019-15471
https://notcve.org/view.php?id=CVE-2019-15471
14 Nov 2019 — The Xiaomi Mi Mix 2S Android device with a build fingerprint of Xiaomi/polaris/polaris:8.0.0/OPR1.170623.032/V9.5.19.0.ODGMIFA:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=27, versionName=8.1.0) that allows other pre-installed apps to perform microphone audio recording via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are require... • https://www.kryptowire.com/android-firmware-2019 •

CVE-2019-15470
https://notcve.org/view.php?id=CVE-2019-15470
14 Nov 2019 — The Xiaomi Redmi Note 6 Pro Android device with a build fingerprint of xiaomi/tulip/tulip:8.1.0/OPM1.171019.011/V10.2.2.0.OEKMIXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=27, versionName=8.1.0) that allows other pre-installed apps to perform microphone audio recording via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are requ... • https://www.kryptowire.com/android-firmware-2019 •

CVE-2019-15469
https://notcve.org/view.php?id=CVE-2019-15469
14 Nov 2019 — The Xiaomi Mi Pad 4 Android device with a build fingerprint of Xiaomi/clover/clover:8.1.0/OPM1.171019.019/V9.6.26.0.ODJCNFD:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=27, versionName=8.1.0) that allows other pre-installed apps to perform microphone audio recording via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required b... • https://www.kryptowire.com/android-firmware-2019 •

CVE-2019-15468
https://notcve.org/view.php?id=CVE-2019-15468
14 Nov 2019 — The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaomi/daisy/daisy_sprout:9/PKQ1.180917.001/V10.0.3.0.PDLMIXM:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=QL1715_201812071953) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. • https://www.kryptowire.com/android-firmware-2019 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •

CVE-2019-15467
https://notcve.org/view.php?id=CVE-2019-15467
14 Nov 2019 — The Xiaomi Mi Mix 2S Android device with a build fingerprint of Xiaomi/polaris/polaris:8.0.0/OPR1.170623.032/V9.5.19.0.ODGMIFA:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=A2060_201801032053) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. • https://www.kryptowire.com/android-firmware-2019 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •