Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Certain software builds for the TCL 20XE Android device contain a vulnerable, pre-installed app with a package name of com.tct.gcs.hiddenmenuproxy (versionCode='2', versionName='v11.0.1.0.0201.0') that allows local third-party apps to programmatically perform a factory reset due to inadequate access control. No permissions or special privileges are necessary to exploit the vulnerability in the com.tct.gcs.hiddenmenuproxy app. No user interaction is required beyond installing and running a third-party app. The software build fingerprints for each confirmed vulnerable build are as follows: TCL/5087Z_BO/Doha_TMO:11/RP1A.200720.011/PB7I-0:user/release-keys and TCL/5087Z_BO/Doha_TMO:11/RP1A.200720.011/PB83-0:user/release-keys. This malicious app sends a broadcast intent to the exported com.tct.gcs.hiddenmenuproxy/.rtn.FactoryResetReceiver receiver component, which initiates a programmatic factory reset.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
TCL 20XE 安全漏洞
Vulnerability Description
TCL 20XE是TCL的一款手机。 Boost Mobile TCL 20XE 存在安全漏洞,该漏洞源于设备的某些软件版本包含易受攻击的预装应用程序(com.tct.gcs.hiddenmenuproxy),允许本地第三方应用程序以编程方式执行恢复出厂设置。
CVSS Information
N/A
Vulnerability Type
N/A