Vulnerabilities > CVE-2019-15430 - Unspecified vulnerability in Bluboo D3 PRO Project Bluboo D3 PRO Firmware

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

local

low complexity

bluboo-d3-pro-project

NVD

Published: 2019-11-14

Updated: 2020-08-24

Summary

The Bluboo D3 Pro Android device with a build fingerprint of BLUBOO/Bluboo_D2_Pro/Bluboo_D2_Pro:7.0/NRD90M/1510370501:user/release-keys contains a pre-installed app with a package name of com.qiku.cleaner app (versionCode=2, versionName=2.0.0_VER_32516508295515) that allows other pre-installed apps to perform system properties modification via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.

Vulnerable Configurations

Part	Description	Count
OS	Bluboo_D3_Pro_Project Bluboo D3 PRO Project Bluboo D3 PRO Firmware -	1
Hardware	Bluboo_D3_Pro_Project Bluboo D3 PRO Project Bluboo D3 PRO -	1

References

https://www.kryptowire.com/android-firmware-2019/