exploitDog

CVE-2016-6564

Published: 13 Jul 2018
Source: nvd
CVSS3: 8.1
CVSS2: 9.3
EPSS: Low

Description

Android devices with code from Ragentek contain a privileged binary that performs over-the-air (OTA) update checks. Additionally, there are multiple techniques used to hide the execution of this binary. This behavior could be described as a rootkit. This binary, which resides as /system/bin/debugs, runs with root privileges and does not communicate over an encrypted channel. The binary has been shown to communicate with three hosts via HTTP:

oyag[.]lhzbdvm[.]com
oyag[.]prugskh[.]net
oyag[.]prugskh[.]com

Server responses to requests sent by the debugs binary include functionalities to execute arbitrary commands as root, install applications, or update configurations. An example of a request sent by the client binary:

POST /pagt/agent?data={"name":"c_regist","details":{...}} HTTP/1.1
Host: 114.80.68.223
Connection: Close

An example response from the server could be:

HTTP/1.1 200 OK
{"code": "01", "name": "push_commands", "details": {"server_id": "1", "title": "Test Command", "comments":

Vulnerable configurations

Configuration 1 (all of the following):
cpe:2.3:o:infinixauthority:hot_x507_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:infinixauthority:hot_x507:-:*:*:*:*:*:*:*

Configuration 2 (all of the following):
cpe:2.3:o:infinixauthority:hot_2_x510_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:infinixauthority:hot_2_x510:-:*:*:*:*:*:*:*

Configuration 3 (all of the following):
cpe:2.3:o:infinixauthority:zero_x506_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:infinixauthority:zero_x506:-:*:*:*:*:*:*:*

Configuration 4 (all of the following):
cpe:2.3:o:infinixauthority:zero_2_x509_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:infinixauthority:zero_2_x509:-:*:*:*:*:*:*:*

Configuration 5 (all of the following):
cpe:2.3:o:bluproducts:studio_g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:bluproducts:studio_g:-:*:*:*:*:*:*:*

Configuration 6 (all of the following):
cpe:2.3:o:bluproducts:studio_g_plus_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:bluproducts:studio_g_plus:-:*:*:*:*:*:*:*

Configuration 7 (all of the following):
cpe:2.3:o:bluproducts:studio_6.0_hd_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:bluproducts:studio_6.0_hd:-:*:*:*:*:*:*:*

Configuration 8 (all of the following):
cpe:2.3:o:bluproducts:studio_x_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:bluproducts:studio_x:-:*:*:*:*:*:*:*

Configuration 9 (all of the following):
cpe:2.3:o:bluproducts:studio_x_plus_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:bluproducts:studio_x_plus:-:*:*:*:*:*:*:*

Configuration 10 (all of the following):
cpe:2.3:o:bluproducts:studio_c_hd_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:bluproducts:studio_c_hd:-:*:*:*:*:*:*:*

Configuration 11 (all of the following):
cpe:2.3:o:xolo:cube_5.0_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:xolo:cube_5.0:-:*:*:*:*:*:*:*

Configuration 12 (all of the following):
cpe:2.3:o:beeline:pro_2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:beeline:pro_2:-:*:*:*:*:*:*:*

Configuration 13 (all of the following):
cpe:2.3:o:iku-mobile:colorful_k45i_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:iku-mobile:colorful_k45i:-:*:*:*:*:*:*:*

Configuration 14 (all of the following):
cpe:2.3:o:leagoo:lead_5_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:leagoo:lead_5:-:*:*:*:*:*:*:*

Configuration 15 (all of the following):
cpe:2.3:o:leagoo:lead_6_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:leagoo:lead_6:-:*:*:*:*:*:*:*

Configuration 16 (all of the following):
cpe:2.3:o:leagoo:lead_3i_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:leagoo:lead_3i:-:*:*:*:*:*:*:*

Configuration 17 (all of the following):
cpe:2.3:o:leagoo:lead_2s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:leagoo:lead_2s:-:*:*:*:*:*:*:*

Configuration 18 (all of the following):
cpe:2.3:o:leagoo:alfa_6_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:leagoo:alfa_6:-:*:*:*:*:*:*:*

Configuration 19 (all of the following):
cpe:2.3:o:doogee:voyager_2_dg310i_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:doogee:voyager_2_dg310i:-:*:*:*:*:*:*:*

EPSS: 0.00341 (percentile 56%, Low)

CVSS3: 8.1 High

CVSS2: 9.3 Critical

Weaknesses (CWE)

CWE-494
CWE-264

Related vulnerabilities

github: CVSS3 8.1, published more than 3 years ago
