The MediaTek Embedded Multimedia Card (eMMC) subsystem for Android on MT65xx, MT66xx, and MT8163 SoC devices allows attackers to execute arbitrary commands as root via shell metacharacters in a filename under /data, because clear_emmc_nomedia_entry in platform/mt6577/external/meta/emmc/meta_clr_emmc.c invokes 'system("/system/bin/rm -r /data/' followed by this filename upon an eMMC clearance from a Meta Mode boot. NOTE: compromise of Fire OS on the Amazon Echo Dot would require a second hypothetical vulnerability that allows creation of the required file under /data.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
History
21 Nov 2024, 04:27
Type | Values Removed | Values Added |
---|---|---|
References | () https://dojo.bullguard.com/dojo-by-bullguard/blog/gaining-rooting-primitives-for-android-mediatek-chips/ - Exploit, Third Party Advisory | |
References | () https://github.com/andr3jx/MTK6577/blob/238012ebf18e3751397884d1742ff7ab6417e80d/mediatek/platform/mt6577/external/meta/emmc/meta_clr_emmc.c#L302-L305 - Third Party Advisory |
Information
Published : 2019-08-14 13:15
Updated : 2024-11-21 04:27
NVD link : CVE-2019-15027
Mitre link : CVE-2019-15027
CVE.ORG link : CVE-2019-15027
JSON object : View
Products Affected
mediatek
- mt6625_firmware
- mt8163_firmware
- mt6625
- mt8163
- mt6577
- mt6577_firmware
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')