CVE-2024-10576

Severity CVSS v4.0:

CRITICAL

Type:

Unavailable / Other

Publication date:

04/12/2024

Last modified:

04/12/2024

Description

Infinix devices contain a pre-loaded "com.transsion.agingfunction" application, that exposes an unsecured broadcast receiver. An attacker can communicate with the receiver and force the device to perform a factory reset without any Android system permissions. <br /> <br /> After multiple attempts to contact the vendor we did not receive any answer. We suppose this issue affects all Infinix Mobile devices.

Impact

Vector 4.0

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/R:I/V:D/U:Amber CVSS v4.0 Severity and Metrics:

Base Score: 9.40 CRITICAL
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/R:I/V:D/U:Amber

Attack Vector (AV): Local
Attack Complexity (AC): Low
Attack Requirements (AT): None
Privileges Required (PR): None
User Interaction (UI): None
Confidentiality (VC): High
Integrity (VI): High
Availability (VA): High
Confidentiality (SC): High
Integrity (SI): High
Availability (SA): High
Safety (S): Negligible
Recovery (R): Irrecoverable
Value Density (V): Diffuse
Provider Urgency (U): Amber

Base Score 4.0

9.40

Severity 4.0

CRITICAL

CVE-2024-10576

Description

Impact

References to Advisories, Solutions, and Tools