Vulnerabilities > Externally Controlled Reference to a Resource in Another Sphere

DATE CVE VULNERABILITY TITLE RISK
2019-11-14 CVE-2019-15466 Externally Controlled Reference to a Resource in Another Sphere vulnerability in MI Redmi 6 PRO Firmware
The Xiaomi Redmi 6 Pro Android device with a build fingerprint of xiaomi/sakura_india/sakura_india:8.1.0/OPM1.171019.019/V10.2.6.0.ODMMIXM:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=QL1715_201812191721) that allows unauthorized wireless settings modification via a confused deputy attack.
local
low complexity
mi CWE-610
3.3
3.3
2019-11-14 CVE-2019-15429 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Panasonic Eluga I9 Firmware
The Panasonic ELUGA_I9 Android device with a build fingerprint of Panasonic/ELUGA_I9/ELUGA_I9:7.0/NRD90M/1501740649:user/release-keys contains a pre-installed app with a package name of com.ovvi.modem app (versionCode=1, versionName=1) that allows unauthorized attacker-controlled at command via a confused deputy attack.
local
low complexity
panasonic CWE-610
7.8
7.8
2019-11-14 CVE-2019-15428 Externally Controlled Reference to a Resource in Another Sphere vulnerability in MI Note 2 Firmware
The Xiaomi Mi Note 2 Android device with a build fingerprint of Xiaomi/scorpio/scorpio:6.0.1/MXB48T/7.1.5:user/release-keys contains a pre-installed app with a package name of com.miui.powerkeeper app (versionCode=40000, versionName=4.0.00) that allows unauthorized wireless settings modification via a confused deputy attack.
local
low complexity
mi CWE-610
3.3
3.3
2019-11-14 CVE-2019-15427 Externally Controlled Reference to a Resource in Another Sphere vulnerability in MI MIX Firmware
The Xiaomi Mi Mix Android device with a build fingerprint of Xiaomi/lithium/lithium:6.0.1/MXB48T/7.1.5:user/release-keys contains a pre-installed app with a package name of com.miui.powerkeeper app (versionCode=40000, versionName=4.0.00) that allows unauthorized wireless settings modification via a confused deputy attack.
local
low complexity
mi CWE-610
3.3
3.3
2019-11-14 CVE-2019-15426 Externally Controlled Reference to a Resource in Another Sphere vulnerability in MI 5S Plus Firmware
The Xiaomi 5S Plus Android device with a build fingerprint of Xiaomi/natrium/natrium:6.0.1/MXB48T/7.1.5:user/release-keys contains a pre-installed app with a package name of com.miui.powerkeeper app (versionCode=40000, versionName=4.0.00) that allows unauthorized wireless settings modification via a confused deputy attack.
local
low complexity
mi CWE-610
3.3
3.3
2019-11-14 CVE-2019-15425 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Katadigital M4S Firmware
The Kata M4s Android device with a build fingerprint of alps/full_hct6750_66_n/hct6750_66_n:7.0/NRD90M/1495624556:user/test-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack.
local
low complexity
katadigital CWE-610
3.3
3.3
2019-11-14 CVE-2019-15424 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Doogee Bl5000 Firmware
The Doogee BL5000 Android device with a build fingerprint of DOOGEE/BL5000/BL5000:7.0/NRD90M/1497072355:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack.
local
low complexity
doogee CWE-610
3.3
3.3
2019-11-14 CVE-2019-15423 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Bluboo S1 Project Blueboo S1 Firmware
The Bluboo Bluboo_S1 Android device with a build fingerprint of BLUBOO/Bluboo_S1/Bluboo_S1:7.0/NRD90M/1495809471:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack.
local
low complexity
bluboo-s1-project CWE-610
3.3
3.3
2019-11-14 CVE-2019-15422 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Doogee MIX Firmware
The Doogee Mix Android device with a build fingerprint of DOOGEE/MIX/MIX:7.0/NRD90M/1495809471:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack.
local
low complexity
doogee CWE-610
3.3
3.3
2019-11-14 CVE-2019-15421 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Blackview Bv7000 PRO Firmware
The Blackview BV7000_Pro Android device with a build fingerprint of Blackview/BV7000_Pro/BV7000_Pro:7.0/NRD90M/1493011204:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack.
local
low complexity
blackview CWE-610
3.3
3.3