CVEbuzz logo
This website displays data collected from external sources, and is not responsible for any aspect of it. Read more...

Security / vulnerability advisories for Katadigital M4S Firmware

Titles listed in dictionary

CPE for product: cpe:2.3:o:katadigital:m4s_firmware:-:*:*:*:*:*:*:*

Showing 1-1 of 1
Low damage 3.3
Difficult to exploit
(other affected products) Published: Thu Nov 14 17:15:00 2019 UTC. Last Modified: Mon Nov 25 16:09:00 2019 UTC
CPE matches: cpe:2.3:o:katadigital:m4s_firmware:-:*:*:*:*:*:*:*

Description

The Kata M4s Android device with a build fingerprint of alps/full_hct6750_66_n/hct6750_66_n:7.0/NRD90M/1495624556:user/test-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device.

Damage

Attack conditions

Damage and attack conditions obtained from CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N (CVSSv3)

Type of bug(s)

References