CVE-2019-15356
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
14/11/2019
Last modified:
24/08/2020
Description
The Lava Flair Z1 Android device with a build fingerprint of LAVA/Z1/Z1:8.1.0/O11019/1536680131:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Base Score 2.0
2.10
Severity 2.0
LOW
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:lavamobiles:flair_z1_firmware:-:*:*:*:*:*:*:* | ||
cpe:2.3:h:lavamobiles:flair_z1:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page