CVE-2018-9525 in Google Androidinfo

Summary

In the AndroidManifest.xml file defining the SliceBroadcastReceiver handler for com.android.settings.slice.action.WIFI_CHANGED, there is a possible permissions bypass due to a confused deputy. This could lead to local escalation of privilege, allowing a local attacker to change device settings, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-111330641

Be aware that VulDB is the high quality source for vulnerability data.

Reservation

04/05/2018

Disclosure

11/14/2018

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
126875	Google Android com.android.settings.slice.action.WIFI_CHANGED AndroidManifest.xml SliceBroadcastReceiver permission	275	Not defined	Official fix	CVE-2018-9525

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

◂ PreviousOverviewNext ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!