Vulnerabilities > Leagoo > P1 Firmware > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-25 | CVE-2018-14997 | Missing Authorization vulnerability in Leagoo P1 Firmware The Leagoo P1 Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains the android framework (i.e., system_server) with a package name of android that has been modified by Leagoo or another entity in the supply chain. | 5.5 |
| 2018-12-28 | CVE-2018-14998 | OS Command Injection vulnerability in Leagoo P1 Firmware The Leagoo P1 Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a hidden root privilege escalation capability to achieve command execution as the root user. | 6.8 |