CVE-2019-15372

Published Nov 14, 2019

Updated

The Hisense F17 Android device with a build fingerprint of Hisense/F17_4G/HS6739MT:8.1.0/O11019/Hisense_F17_4G_00_S01:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.

Affected Software

2 affected components

Hisense Infinity F17 Firmware

Hisense Infinity F17

Event History

Nov 14, 2019

CVE Published

via MITRE·04:25 PM

Data Sourced

via MITRE·04:25 PM

Description

Frequently Asked Questions

What is the severity of CVE-2019-15372?

CVE-2019-15372 has been classified with a severity that may allow unrestricted access to data from co-located apps.

How do I fix CVE-2019-15372?

To fix CVE-2019-15372, it is recommended to update to a firmware version that addresses this vulnerability.

What devices are affected by CVE-2019-15372?

CVE-2019-15372 specifically affects the Hisense F17 Android device with the specified build fingerprint.

What type of vulnerability is CVE-2019-15372?

CVE-2019-15372 is a vulnerability that allows unauthorized access to sensitive data via a pre-installed application.

Can third-party apps exploit CVE-2019-15372?

Yes, third-party apps co-located on the Hisense F17 device can exploit CVE-2019-15372 to access protected data.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.