CVE-2019-15364 in BL250info

Summary

by MITRE

The Dexp BL250 Android device with a build fingerprint of DEXP/BL250/BL250:8.1.0/O11019/1530858027:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 02/14/2024

The vulnerability identified as CVE-2019-15364 resides within the DEXP BL250 Android device, specifically in a pre-installed application named com.mediatek.wfo.impl. This application operates with version code 27 and version name 8.1.0, representing a critical security flaw that stems from inadequate access controls within the Android system framework. The device in question operates on Android 8.1.0 with build fingerprint DEXP/BL250/BL250:8.1.0/O11019/1530858027:user/release-keys, indicating a specific hardware and software configuration that exposes this vulnerability.

The technical flaw manifests through an exported interface within the com.mediatek.wfo.impl application that permits any co-located application to modify system properties without proper authorization mechanisms. This represents a direct violation of Android's security model where system-level modifications should require explicit permissions or authentication. The exported interface creates an attack surface that allows malicious applications with normal user privileges to manipulate critical system parameters, effectively bypassing the standard Android permission model and privilege separation mechanisms.

The operational impact of this vulnerability extends beyond simple privilege escalation, as it enables attackers to modify system properties that could affect device functionality, security policies, or communication protocols. According to CWE-284, this vulnerability represents an improper access control issue where the application exposes functionality that should be restricted. The flaw allows for arbitrary modification of system properties, potentially enabling persistent backdoors, denial of service conditions, or complete system compromise. Attackers could leverage this vulnerability to modify network settings, alter security configurations, or manipulate telephony-related system parameters that are critical to device operation.

From a cybersecurity perspective, this vulnerability aligns with ATT&CK technique T1546.001 which involves modifying system executables or configuration files to achieve persistence. The exposure of system property modification through an exported interface creates an opportunity for attackers to establish persistent access or modify device behavior in ways that could go undetected. The vulnerability essentially provides a path for privilege escalation that bypasses normal Android security controls, making it particularly dangerous in environments where device security is paramount. Organizations implementing mobile device management strategies should consider this vulnerability when assessing risk for devices running this specific firmware configuration.

Mitigation strategies should include immediate firmware updates from the manufacturer, if available, or implementing application-level restrictions that prevent unauthorized applications from accessing system properties. Network administrators should consider device hardening procedures that disable unnecessary exported interfaces and implement strict application whitelisting policies. The vulnerability demonstrates the importance of proper security architecture in mobile platforms where pre-installed applications may introduce unintended access points. Regular security audits of pre-installed applications and their exported interfaces should be conducted to identify similar exposure points that could be exploited for privilege escalation or system compromise.

Reservation

08/22/2019

Moderation

accepted

CPE

ready

EPSS

0.00285

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!