Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contains a pre-installed platform app with a package name of com.android.zte.hiddenmenu (versionCode=23, versionName=6.0.1) that contains an exported broadcast receiver app component named com.android.zte.hiddenmenu.CommandReceiver that is accessible to any app co-located on the device. This app component, when it receives a broadcast intent with a certain action string, will write a non-standard (i.e., not defined in Android Open Source Project (AOSP) code) command to the /cache/recovery/command file to be executed in recovery mode. Once the device boots into recovery mode, it will crash, boot into recovery mode, and crash again. This crash loop will keep repeating, which makes the device unusable. There is no way to boot into an alternate mode once the crash loop starts.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ZTE ZMAX Champ 安全漏洞
Vulnerability Description
ZTE ZMAX Champ是中国中兴通讯(ZTE)公司的一款基于Android平台的智能手机。 ZTE ZMAX Champ(所使用的Build fingerprint为ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys)中的预安装的平台应用程序的com.android.zte.hiddenmenu数据包的com.android.zte.hiddenmenu.CommandReceiver导出广播接收器应用程序组件存在安全漏
CVSS Information
N/A
Vulnerability Type
N/A