CVE-2018-15006

The ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contains a pre-installed platform app with a package name of com.android.zte.hiddenmenu (versionCode=23, versionName=6.0.1) that contains an exported broadcast receiver app component named com.android.zte.hiddenmenu.CommandReceiver that is accessible to any app co-located on the device. This app component, when it receives a broadcast intent with a certain action string, will write a non-standard (i.e., not defined in Android Open Source Project (AOSP) code) command to the /cache/recovery/command file to be executed in recovery mode. Once the device boots into recovery mode, it will crash, boot into recovery mode, and crash again. This crash loop will keep repeating, which makes the device unusable. There is no way to boot into an alternate mode once the crash loop starts.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:zteusa:zte_zmax_champ_firmware:6.0.1:*:*:*:*:*:*:*
cpe:2.3:h:zteusa:zte_zmax_champ:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:50

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/106361 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/106361 - Third Party Advisory, VDB Entry
References () https://www.kryptowire.com/portal/android-firmware-defcon-2018/ - Third Party Advisory () https://www.kryptowire.com/portal/android-firmware-defcon-2018/ - Third Party Advisory
References () https://www.kryptowire.com/portal/wp-content/uploads/2018/12/DEFCON-26-Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdf - Exploit, Third Party Advisory () https://www.kryptowire.com/portal/wp-content/uploads/2018/12/DEFCON-26-Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdf - Exploit, Third Party Advisory

Information

Published : 2018-12-28 21:29

Updated : 2024-11-21 03:50


NVD link : CVE-2018-15006

Mitre link : CVE-2018-15006

CVE.ORG link : CVE-2018-15006


JSON object : View

Products Affected

zteusa

  • zte_zmax_champ_firmware
  • zte_zmax_champ