CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-15424
https://notcve.org/view.php?id=CVE-2019-15424
The Doogee BL5000 Android device with a build fingerprint of DOOGEE/BL5000/BL5000:7.0/NRD90M/1497072355:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. El dispositivo Doogee BL5000 Android con una huella digital de compilación de DOOGEE/BL5000/BL5000:7.0/NRD90M/1497072355:user/release-keys, contiene una aplicación preinstalada con un nombre de paquete de aplicación com.mediatek.factorymode (versionCode=1, versionName=1), que permite la modificación de la configuración inalámbrica no autorizada mediante un ataque de tipo confused deputy. Esta capacidad puede ser accedida mediante cualquier aplicación ubicada en el dispositivo. • https://www.kryptowire.com/android-firmware-2019 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-15422
https://notcve.org/view.php?id=CVE-2019-15422
The Doogee Mix Android device with a build fingerprint of DOOGEE/MIX/MIX:7.0/NRD90M/1495809471:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. El dispositivo Doogee Mix Android con una huella digital de compilación de DOOGEE/MIX/MIX:7.0/NRD90M/1495809471:user/release-keys, contiene una aplicación preinstalada con un nombre de paquete de aplicación com.mediatek.factorymode (versionCode=1, versionName=1), que permite la modificación de la configuración inalámbrica no autorizada mediante un ataque de tipo confused deputy. Esta capacidad puede ser accedida mediante cualquier aplicación ubicada en el dispositivo. • https://www.kryptowire.com/android-firmware-2019 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 9.3EPSS: 1%CPEs: 38EXPL: 1CVE-2016-6564 – Ragentek Android software contains an over-the-air update mechanism that communicates over an unencrypted channel, which can allow a remote attacker to execute arbitrary code with root privileges
https://notcve.org/view.php?id=CVE-2016-6564
Android devices with code from Ragentek contain a privileged binary that performs over-the-air (OTA) update checks. Additionally, there are multiple techniques used to hide the execution of this binary. This behavior could be described as a rootkit. This binary, which resides as /system/bin/debugs, runs with root privileges and does not communicate over an encrypted channel. The binary has been shown to communicate with three hosts via HTTP: oyag[.]lhzbdvm[.]com oyag[.]prugskh[.]net oyag[.]prugskh[.]com Server responses to requests sent by the debugs binary include functionalities to execute arbitrary commands as root, install applications, or update configurations. • https://www.bitsighttech.com/blog/ragentek-android-ota-update-mechanism-vulnerable-to-mitm-attack https://www.kb.cert.org/vuls/id/624539 https://www.securityfocus.com/bid/94393 • CWE-264: Permissions, Privileges, and Access Controls CWE-494: Download of Code Without Integrity Check •