Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
LockScreenSettings - Theft arbitrary files with system privilege
Vulnerability Description
The vulnerability is to theft of arbitrary files with system privilege in the LockScreenSettings ("com.lge.lockscreensettings") app in the "com/lge/lockscreensettings/dynamicwallpaper/MyCategoryGuideActivity.java" file. The main problem is that the app launches implicit intents that can be intercepted by third-party apps installed on the same device. They also can return arbitrary data that will be passed to the "onActivityResult()" method. The LockScreenSettings app copies the received file to the "/data/shared/dw/mycategory/wallpaper_01.png" path and then changes the file access mode to world-readable and world-writable.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Vulnerability Type
CWE-927
Vulnerability Title
LG Mobile 安全漏洞
Vulnerability Description
LG mobile是韩国乐金(LG)公司的一系列移动设备产品。 LG Mobile存在安全漏洞。攻击者利用该漏洞将文件访问模式更改为全局可读和全局可写。
CVSS Information
N/A
Vulnerability Type
N/A