Vulnerabilities > Skydevices

DATE	CVE	VULNERABILITY TITLE	RISK
2018-12-28	CVE-2018-15007	OS Command Injection vulnerability in Skydevices SKY Elite 6.0L+ Firmware Sky/X6069Trxl601Sky/X6069Trxl601Sky:6.0/Mra58K/1482897127:User/Releasekeys The Sky Elite 6.0L+ Android device with a build fingerprint of SKY/x6069_trx_l601_sky/x6069_trx_l601_sky:6.0/MRA58K/1482897127:user/release-keys contains a pre-installed platform app with a package name of com.fw.upgrade.sysoper (versionCode=238, versionName=2.3.8) that contains an exported broadcast receiver app component named com.adups.fota.sysoper.WriteCommandReceiver that allows any app co-located on the device to supply arbitrary commands to be executed as the system user. local low complexity skydevices CWE-78	4.6

Vulnerabilities > Skydevices {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Skydevices"}]}