Certain software builds for the TCL 20XE Android device contain a vulnerable, pre-installed app with a package name of com.tct.gcs.hiddenmenuproxy (versionCode='2', versionName='v11.0.1.0.0201.0') that allows local third-party apps to programmatically perform a factory reset due to inadequate access control. No permissions or special privileges are necessary to exploit the vulnerability in the com.tct.gcs.hiddenmenuproxy app. No user interaction is required beyond installing and running a third-party app. The software build fingerprints for each confirmed vulnerable build are as follows: TCL/5087Z_BO/Doha_TMO:11/RP1A.200720.011/PB7I-0:user/release-keys and TCL/5087Z_BO/Doha_TMO:11/RP1A.200720.011/PB83-0:user/release-keys. This malicious app sends a broadcast intent to the exported com.tct.gcs.hiddenmenuproxy/.rtn.FactoryResetReceiver receiver component, which initiates a programmatic factory reset.
References
Configurations
No configuration.
History
21 Nov 2024, 08:13
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://media.defcon.org/DEF%20CON%2031/DEF%20CON%2031%20presentations/Ryan%20Johnson%20Mohamed%20Elsabagh%20Angelos%20Stavrou%20-%20Still%20Vulnerable%20Out%20of%20the%20Box%20Revisiting%20the%20Security%20of%20Prepaid%20Android%20Carrier%20Devices.pdf - |
03 Jul 2024, 01:40
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.7 |
| CWE | CWE-269 |
22 Apr 2024, 19:24
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-04-22 15:15
Updated : 2024-11-21 08:13
NVD link : CVE-2023-38292
Mitre link : CVE-2023-38292
CVE.ORG link : CVE-2023-38292
JSON object : View
Products Affected
No product.
CWE
CWE-269
Improper Privilege Management