Vulnerabilities > Low

DATE CVE VULNERABILITY TITLE RISK
2019-11-14 CVE-2019-15428 Externally Controlled Reference to a Resource in Another Sphere vulnerability in MI Note 2 Firmware
The Xiaomi Mi Note 2 Android device with a build fingerprint of Xiaomi/scorpio/scorpio:6.0.1/MXB48T/7.1.5:user/release-keys contains a pre-installed app with a package name of com.miui.powerkeeper app (versionCode=40000, versionName=4.0.00) that allows unauthorized wireless settings modification via a confused deputy attack.
local
low complexity
mi CWE-610
3.3
3.3
2019-11-14 CVE-2019-15427 Externally Controlled Reference to a Resource in Another Sphere vulnerability in MI MIX Firmware
The Xiaomi Mi Mix Android device with a build fingerprint of Xiaomi/lithium/lithium:6.0.1/MXB48T/7.1.5:user/release-keys contains a pre-installed app with a package name of com.miui.powerkeeper app (versionCode=40000, versionName=4.0.00) that allows unauthorized wireless settings modification via a confused deputy attack.
local
low complexity
mi CWE-610
3.3
3.3
2019-11-14 CVE-2019-15426 Externally Controlled Reference to a Resource in Another Sphere vulnerability in MI 5S Plus Firmware
The Xiaomi 5S Plus Android device with a build fingerprint of Xiaomi/natrium/natrium:6.0.1/MXB48T/7.1.5:user/release-keys contains a pre-installed app with a package name of com.miui.powerkeeper app (versionCode=40000, versionName=4.0.00) that allows unauthorized wireless settings modification via a confused deputy attack.
local
low complexity
mi CWE-610
3.3
3.3
2019-11-14 CVE-2019-15425 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Katadigital M4S Firmware
The Kata M4s Android device with a build fingerprint of alps/full_hct6750_66_n/hct6750_66_n:7.0/NRD90M/1495624556:user/test-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack.
local
low complexity
katadigital CWE-610
3.3
3.3
2019-11-14 CVE-2019-15424 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Doogee Bl5000 Firmware
The Doogee BL5000 Android device with a build fingerprint of DOOGEE/BL5000/BL5000:7.0/NRD90M/1497072355:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack.
local
low complexity
doogee CWE-610
3.3
3.3
2019-11-14 CVE-2019-15423 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Bluboo S1 Project Blueboo S1 Firmware
The Bluboo Bluboo_S1 Android device with a build fingerprint of BLUBOO/Bluboo_S1/Bluboo_S1:7.0/NRD90M/1495809471:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack.
local
low complexity
bluboo-s1-project CWE-610
3.3
3.3
2019-11-14 CVE-2019-15422 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Doogee MIX Firmware
The Doogee Mix Android device with a build fingerprint of DOOGEE/MIX/MIX:7.0/NRD90M/1495809471:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack.
local
low complexity
doogee CWE-610
3.3
3.3
2019-11-14 CVE-2019-15421 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Blackview Bv7000 PRO Firmware
The Blackview BV7000_Pro Android device with a build fingerprint of Blackview/BV7000_Pro/BV7000_Pro:7.0/NRD90M/1493011204:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack.
local
low complexity
blackview CWE-610
3.3
3.3
2019-11-14 CVE-2019-15420 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Blackview Bv9000Pro-F Firmware
The Blackview BV9000Pro-F Android device with a build fingerprint of Blackview/BV9000Pro-F/BV9000Pro-F:7.1.1/N4F26M/1514363110:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack.
local
low complexity
blackview CWE-610
3.3
3.3
2019-11-14 CVE-2019-15415 Externally Controlled Reference to a Resource in Another Sphere vulnerability in MI Redmi 5 Firmware
The Xiaomi Redmi 5 Android device with a build fingerprint of xiaomi/vince/vince:7.1.2/N2G47H/V9.5.4.0.NEGMIFA:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=QL1711_201803291645) that allows unauthorized wireless settings modification via a confused deputy attack.
local
low complexity
mi CWE-610
3.3
3.3