Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Vivo V7 device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys allows any app co-located on the device to set system properties as the com.android.phone user. The com.qualcomm.qti.modemtestmode app (versionCode=25, versionName=7.1.2) that contains an exported service named com.qualcomm.qti.modemtestmode.MbnTestService that allows any app co-located on the device to provide key-value pairs to set certain system properties. Notably, system properties with the persist.* prefix can be set which will survive a reboot. On the Vivo V7 device, when the persist.sys.input.log property is set to have a value of yes, the user's screen touches be written to the logcat log by the InputDispatcher for all apps. The system-wide logcat log can be obtained from external storage via a different known vulnerability on the device. The READ_EXTERNAL_STORAGE permission is necessary to access the log files containing the user's touch coordinates. With some effort, the user's touch coordinates can be mapped to key presses on a keyboard.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Vivo V7 安全漏洞
Vulnerability Description
Vivo V7是中国维沃(Vivo)移动通信公司的一款智能手机。 Vivo V7(所使用的Build fingerprint为vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys)中的com.qualcomm.qti.modemtestmode app的com.qualcomm.qti.modemtestmode.MbnTestService应用程序组件存在安全漏洞。攻击者可利用该漏洞以com.android.phone用户身份设置系统属
CVSS Information
N/A
Vulnerability Type
N/A