漏洞标题
N/A
漏洞描述信息
在 Shanghai Adups 软件的 BLU R1 HD 设备上发现了一个问题。在名为 com.adups.fota.sysoper.provider.InfoProvider 的应用中,有一个 package 名为 com.adups.fota.sysoper 的内容提供商,允许设备上的任何应用程序作为系统用户读取、写入和删除文件。在 com.adups.fota.sysoper 应用的用户权限manifest.xml 文件中,它将 android:sharedUserId 属性设置为 android.uid.system,使其执行作为系统用户,这是设备上非常特权的用户。这使得第三方应用程序能够读取、写入和删除系统用户拥有的文件。第三方应用程序可以修改 /data/system/users/0/settings_secure.xml 文件,并将其添加为通知监听器,以便在设备上收到通知文本。这还允许读取 /data/system/users/0/accounts.db 文件,其中包含设备上各种账户的验证令牌。第三方应用程序能够获得特权信息,并且还可以修改文件以在设备上获得更多的权限。
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
An issue was discovered on BLU R1 HD devices with Shanghai Adups software. The content provider named com.adups.fota.sysoper.provider.InfoProvider in the app with a package name of com.adups.fota.sysoper allows any app on the device to read, write, and delete files as the system user. In the com.adups.fota.sysoper app's AndroidManifest.xml file, it sets the android:sharedUserId attribute to a value of android.uid.system which makes it execute as the system user, which is a very privileged user on the device. This allows a third-party app to read, write, and delete files owned by the system user. The third-party app can modify the /data/system/users/0/settings_secure.xml file to add an app as a notification listener to be able to receive the text of notifications as they are received on the device. This also allows the /data/system/users/0/accounts.db to be read which contains authentication tokens for various accounts on the device. The third-party app can obtain privileged information and also modify files to obtain more privileges on the device.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
BLU R1 HD设备Shanghai Adups软件加密问题漏洞
漏洞描述信息
BLU R1 HD是美国BLU Products公司的一款智能手机设备。Shanghai Adups software是其中的一个基于云的升级推送软件。 BLU R1 HD设备中的Shanghai Adups软件存在安全漏洞。本地攻击者可利用该漏洞读取,写入和删除文件,获取更多权限。
CVSS信息
N/A
漏洞类别
加密问题