Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-14995

Опубликовано: 28 дек. 2018
Источник: nvd
CVSS3: 4.7
CVSS2: 1.9
EPSS Низкий

Описание

The ZTE Blade Vantage Android device with a build fingerprint of ZTE/Z839/sweet:7.1.1/NMF26V/20180120.095344:user/release-keys, the ZTE Blade Spark Android device with a build fingerprint of ZTE/Z971/peony:7.1.1/NMF26V/20171129.143111:user/release-keys, the ZTE ZMAX Pro Android device with a build fingerprint of ZTE/P895T20/urd:6.0.1/MMB29M/20170418.114928:user/release-keys, and the ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contain a pre-installed platform app with a package name of com.android.modem.service (versionCode=25, versionName=7.1.1; versionCode=23, versionName=6.0.1) that exports an interface to any app on co-located on the device. Using the exported interface of the com.android.modem.service app, any app can enable and obtain certain log files (modem and logcat) without the appropriate corresponding access permissions. The modem logs contain the phone number and full text body of incoming and

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:zteusa:zte_blade_vantage_firmware:7.1.1:*:*:*:*:*:*:*
cpe:2.3:h:zteusa:zte_blade_vantage:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:o:zteusa:zte_blade_spark_firmware:7.1.1:*:*:*:*:*:*:*
cpe:2.3:h:zteusa:zte_blade_spark:-:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

cpe:2.3:o:zteusa:zte_zmax_pro_firmware:6.0.1:*:*:*:*:*:*:*
cpe:2.3:h:zteusa:zte_zmax_pro:-:*:*:*:*:*:*:*
Конфигурация 4

Одновременно

cpe:2.3:o:zteusa:zte_zmax_champ_firmware:6.0.1:*:*:*:*:*:*:*
cpe:2.3:h:zteusa:zte_zmax_champ:-:*:*:*:*:*:*:*

EPSS

Процентиль: 16%
0.00053
Низкий

4.7 Medium

CVSS3

1.9 Low

CVSS2

Дефекты

CWE-532

Связанные уязвимости

github логотип

GHSA-mh7p-2p63-76h2

CVSS3: 4.7
github
больше 3 лет назад

The ZTE Blade Vantage Android device with a build fingerprint of ZTE/Z839/sweet:7.1.1/NMF26V/20180120.095344:user/release-keys, the ZTE Blade Spark Android device with a build fingerprint of ZTE/Z971/peony:7.1.1/NMF26V/20171129.143111:user/release-keys, the ZTE ZMAX Pro Android device with a build fingerprint of ZTE/P895T20/urd:6.0.1/MMB29M/20170418.114928:user/release-keys, and the ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contain a pre-installed platform app with a package name of com.android.modem.service (versionCode=25, versionName=7.1.1; versionCode=23, versionName=6.0.1) that exports an interface to any app on co-located on the device. Using the exported interface of the com.android.modem.service app, any app can enable and obtain certain log files (modem and logcat) without the appropriate corresponding access permissions. The modem logs contain the phone number and full text body of incoming a...

EPSS

Процентиль: 16%
0.00053
Низкий

4.7 Medium

CVSS3

1.9 Low

CVSS2

Дефекты

CWE-532