CVE-2018-15005

Severity Score

7.1

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contains a pre-installed platform app with a package name of com.zte.zdm.sdm (versionCode=31, versionName=V5.0.3) that contains an exported broadcast receiver app component named com.zte.zdm.VdmcBroadcastReceiver that allows any app co-located on the device to programmatically initiate a factory reset. In addition, the app initiating the factory reset does not require any permissions. A factory reset will remove all user data and apps from the device. This will result in the loss of any data that have not been backed up or synced externally. The capability to perform a factory reset is not directly available to third-party apps (those that the user installs themselves with the exception of enabled Mobile Device Management (MDM) apps), although this capability can be obtained by leveraging an unprotected app component of a pre-installed platform app.

El dispositivo Android ZTE ZMAX Champ con una huella digital ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contiene una aplicación preinstalada, cuyo paquete se denomina com.zte.zdm.sdm (versionCode=31, versionName=V5.0.3) con un componente de app de recibidor de transmisiones exportado llamado com.zte.zdm.VdmcBroadcastReceiver que permite que cualquier app que también esté en el dispositivo inicie de forma programática una restauración de fábrica. Además, la app que inicia la restauración de fábrica no necesita ningún permiso. Una restauración de fábrica eliminará todos los datos y aplicaciones del usuario del dispositivo. Esto resultará en la pérdida de cualquier dato que no haya sido sincronizado externamente o del que no tenga una copia de seguridad. La capacidad para realizar una restauración de fábrica no está directamente disponible para aplicaciones de terceros (las que los usuarios instalan por sí mismos, exceptuando las aplicaciones habilitadas MDM, o de gestión del dispositivo móvil), aunque puede obtenerse aprovechando un componente sin proteger de una app preinstalada de la plataforma.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2018-08-05 CVE Reserved
2018-12-28 CVE Published
2024-01-09 EPSS Updated
2024-08-05 CVE Updated
2024-08-05 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-862: Missing Authorization

CAPEC

References (3)

URL	Tag	Source
http://www.securityfocus.com/bid/106361	Third Party Advisory
https://www.kryptowire.com/portal/android-firmware-defcon-2018	Third Party Advisory

URL	Date	SRC
https://www.kryptowire.com/portal/wp-content/uploads/2018/12/DEFCON-26-Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdf	2024-08-05

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Zteusa Search vendor "Zteusa"	Zte Zmax Champ Firmware Search vendor "Zteusa" for product "Zte Zmax Champ Firmware"	5.0.3 Search vendor "Zteusa" for product "Zte Zmax Champ Firmware" and version "5.0.3"	-	Affected	in	Zteusa Search vendor "Zteusa"	Zte Zmax Champ Search vendor "Zteusa" for product "Zte Zmax Champ"	-	-	Safe