CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-14993
https://notcve.org/view.php?id=CVE-2018-14993
25 Apr 2019 — The ASUS Zenfone V Live Android device with a build fingerprint of asus/VZW_ASUS_A009/ASUS_A009:7.1.1/NMF26F/14.0610.1802.78-20180313:user/release-keys and the Asus ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys both contain a pre-installed platform app with a package name of com.asus.splendidcommandagent (versionCode=1510200090, versionName=1.2.0.18_160928) that contains an exported service named com.asus.splen... • https://www.kryptowire.com •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-14980
https://notcve.org/view.php?id=CVE-2018-14980
25 Apr 2019 — The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains the android framework (i.e., system_server) with a package name of android (versionCode=24, versionName=7.0) that has been modified by ASUS or another entity in the supply chain. The system_server process in the core android package has an exported broadcast receiver that allows any app co-located on the device to programmatically initiate the taki... • https://www.kryptowire.com • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2018-14992
https://notcve.org/view.php?id=CVE-2018-14992
28 Dec 2018 — The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains a pre-installed platform app with a package name of com.asus.dm (versionCode=1510500200, versionName=1.5.0.40_171122) has an exposed interface in an exported service named com.asus.dm.installer.DMInstallerService that allows any app co-located on the device to use its capabilities to download an arbitrary app over the internet and install it. Any a... • https://www.kryptowire.com/portal/android-firmware-defcon-2018 •
CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 2CVE-2018-14979
https://notcve.org/view.php?id=CVE-2018-14979
28 Dec 2018 — The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains a pre-installed app with a package name of com.asus.loguploader (versionCode=1570000275, versionName=7.0.0.55_170515). This app contains an exported service app component named com.asus.loguploader.LogUploaderService that, when accessed with a particular action string, will write a bugreport (kernel log, logcat log, and the state of system services... • https://www.kryptowire.com/portal/android-firmware-defcon-2018 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •