RSS   Vulnerabilities for 'Zenfone 3 max firmware'   RSS

2019-04-25
 
CVE-2018-14993

CWE-noinfo
 

 
The ASUS Zenfone V Live Android device with a build fingerprint of asus/VZW_ASUS_A009/ASUS_A009:7.1.1/NMF26F/14.0610.1802.78-20180313:user/release-keys and the Asus ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys both contain a pre-installed platform app with a package name of com.asus.splendidcommandagent (versionCode=1510200090, versionName=1.2.0.18_160928) that contains an exported service named com.asus.splendidcommandagent.SplendidCommandAgentService that allows any app co-located on the device to supply arbitrary commands to be executed as the system user. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, obtain the user's text messages, and more.

 
 
CVE-2018-14980

CWE-732
 

 
The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains the android framework (i.e., system_server) with a package name of android (versionCode=24, versionName=7.0) that has been modified by ASUS or another entity in the supply chain. The system_server process in the core android package has an exported broadcast receiver that allows any app co-located on the device to programmatically initiate the taking of a screenshot and have the resulting screenshot be written to external storage (i.e., sdcard). The taking of a screenshot is not transparent to the user; the device has a screen animation as the screenshot is taken and there is a notification indicating that a screenshot occurred. If the attacking app also requests the EXPAND_STATUS_BAR permission, it can wake the device up using certain techniques and expand the status bar to take a screenshot of the user's notifications even if the device has an active screen lock. The notifications may contain sensitive data such as text messages used in two-factor authentication. The system_server process that provides this capability cannot be disabled, as it is part of the Android framework. The notification can be removed by a local Denial of Service (DoS) attack to reboot the device.

 
2018-12-28
 
CVE-2018-14992

CWE-254
 

 
The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains a pre-installed platform app with a package name of com.asus.dm (versionCode=1510500200, versionName=1.5.0.40_171122) has an exposed interface in an exported service named com.asus.dm.installer.DMInstallerService that allows any app co-located on the device to use its capabilities to download an arbitrary app over the internet and install it. Any app on the device can send an intent with specific embedded data that will cause the com.asus.dm app to programmatically download and install the app. For the app to be downloaded and installed, certain data needs to be provided: download URL, package name, version name from the app's AndroidManifest.xml file, and the MD5 hash of the app. Moreover, any app that is installed using this method can also be programmatically uninstalled using the same unprotected component named com.asus.dm.installer.DMInstallerService.

 
 
CVE-2018-14979

CWE-200
 

 
The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains a pre-installed app with a package name of com.asus.loguploader (versionCode=1570000275, versionName=7.0.0.55_170515). This app contains an exported service app component named com.asus.loguploader.LogUploaderService that, when accessed with a particular action string, will write a bugreport (kernel log, logcat log, and the state of system services including the text of active notifications), Wi-Fi Passwords, and other system data to external storage (sdcard). Any app with the READ_EXTERNAL_STORAGE permission on this device can read this data from the sdcard after it has been dumped there by the com.asus.loguploader. Third-party apps are not allowed to directly create a bugreport or access the user's stored wireless network credentials.

 

 >>> Vendor: ASUS 84 Products
Video security online
Remote console
Smartlogon
Asus wl-330ge
Asus wl-500w
Rt-n56u firmware
Rt-n56u
Ipswcom activex component
Net4switch
Rt-ac66u
Rt-n14u
Rt-n16u
Rt-n65u
Rt-n66u
Rt-ac66u firmware
Rt-n14u firmware
Rt-n16 firmware
Rt-n65u firmware
Rt-n66u firmware
Rt-n10e
Rt-n10e firmware
Wl-330nul
Rt-ac68u
Rt-ac68u firmware
Rt firmware
Rt series firmware
Wrt firmware
Rt-ac56s
Rt-ac87u
Rt-ac56s firmware
Rt-ac87u firmware
Rt-n10+d1 firmware
Rt-g32 firmware
Tm-1900
Wl-330nul firmware
Wl-33nul firmware
Tm-ac1900 firmware
Rt-ac53 firmware
Rt-ac1750 firmware
Dsl-n10s firmware
Asuswrt
Dsl-ac51 firmware
Dsl-ac52u firmware
Dsl-ac55u firmware
Dsl-ac56u firmware
Dsl-ac750 firmware
Dsl-n10 c1 firmware
Dsl-n12e c1 firmware
Dsl-n12u c1 firmware
Dsl-n14u-b1 firmware
Dsl-n14u firmware
Dsl-n16 firmware
Dsl-n16u firmware
Dsl-n17u firmware
Dsl-n55u c1 firmware
Dsl-n55u d1 firmware
Dsl-n66u firmware
Rt-ac1200 firmware
Rt-ac2900 firmware
Rt-ac51u firmware
Rt-ac52u b1 firmware
Rt-ac55u firmware
Rt-ac55uhp firmware
Rt-ac58u firmware
Rt-ac86u firmware
Rt-acrh13 firmware
Rt-n12 d1 firmware
Rt-n600 firmware
Ea-n66 firmware
Rp-ac52 firmware
Rp-ac56 firmware
Rp-n12 firmware
Rp-n14 firmware
Rp-n53 firmware
Wmp-n12 firmware
Hg100 firmware
Gt-ac5300 firmware
Zenfone 3 max firmware
Aura sync firmware
Zenfone v live firmware
Rt-ac3200 firmware
Smarthome
Precision touchpad
Asuswrt-merlin


Copyright 2019, cxsecurity.com

 

Back to Top