Vulnerabilities for Zenfone 3 max firmware (...) - CXSECURITY.COM

Vulnerabilities for 'Zenfone 3 max firmware'

2019-04-25

CVE-2018-14993

CWE-noinfo

The ASUS Zenfone V Live Android device with a build fingerprint of asus/VZW_ASUS_A009/ASUS_A009:7.1.1/NMF26F/14.0610.1802.78-20180313:user/release-keys and the Asus ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys both contain a pre-installed platform app with a package name of com.asus.splendidcommandagent (versionCode=1510200090, versionName=1.2.0.18_160928) that contains an exported service named com.asus.splendidcommandagent.SplendidCommandAgentService that allows any app co-located on the device to supply arbitrary commands to be executed as the system user. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, obtain the user's text messages, and more.

CVE-2018-14980

CWE-732

The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains the android framework (i.e., system_server) with a package name of android (versionCode=24, versionName=7.0) that has been modified by ASUS or another entity in the supply chain. The system_server process in the core android package has an exported broadcast receiver that allows any app co-located on the device to programmatically initiate the taking of a screenshot and have the resulting screenshot be written to external storage (i.e., sdcard). The taking of a screenshot is not transparent to the user; the device has a screen animation as the screenshot is taken and there is a notification indicating that a screenshot occurred. If the attacking app also requests the EXPAND_STATUS_BAR permission, it can wake the device up using certain techniques and expand the status bar to take a screenshot of the user's notifications even if the device has an active screen lock. The notifications may contain sensitive data such as text messages used in two-factor authentication. The system_server process that provides this capability cannot be disabled, as it is part of the Android framework. The notification can be removed by a local Denial of Service (DoS) attack to reboot the device.

2018-12-28

CVE-2018-14992

CWE-254

The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains a pre-installed platform app with a package name of com.asus.dm (versionCode=1510500200, versionName=1.5.0.40_171122) has an exposed interface in an exported service named com.asus.dm.installer.DMInstallerService that allows any app co-located on the device to use its capabilities to download an arbitrary app over the internet and install it. Any app on the device can send an intent with specific embedded data that will cause the com.asus.dm app to programmatically download and install the app. For the app to be downloaded and installed, certain data needs to be provided: download URL, package name, version name from the app's AndroidManifest.xml file, and the MD5 hash of the app. Moreover, any app that is installed using this method can also be programmatically uninstalled using the same unprotected component named com.asus.dm.installer.DMInstallerService.

CVE-2018-14979

CWE-200

The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains a pre-installed app with a package name of com.asus.loguploader (versionCode=1570000275, versionName=7.0.0.55_170515). This app contains an exported service app component named com.asus.loguploader.LogUploaderService that, when accessed with a particular action string, will write a bugreport (kernel log, logcat log, and the state of system services including the text of active notifications), Wi-Fi Passwords, and other system data to external storage (sdcard). Any app with the READ_EXTERNAL_STORAGE permission on this device can read this data from the sdcard after it has been dumped there by the com.asus.loguploader. Third-party apps are not allowed to directly create a bugreport or access the user's stored wireless network credentials.

>>> Vendor: ASUS 91 Products

Video security online

Rt-n56u firmware

Ipswcom activex component

Rt-ac66u firmware

Rt-n14u firmware

Rt-n16 firmware

Rt-n65u firmware

Rt-n66u firmware

Rt-n10e firmware

Rt-ac68u firmware

Rt series firmware

Rt-ac56s firmware

Rt-ac87u firmware

Rt-n10+d1 firmware

Rt-g32 firmware

Wl-330nul firmware

Wl-33nul firmware

Tm-ac1900 firmware

Rt-ac53 firmware

Rt-ac1750 firmware

Dsl-n10s firmware

Dsl-ac51 firmware

Dsl-ac52u firmware

Dsl-ac55u firmware

Dsl-ac56u firmware

Dsl-ac750 firmware

Dsl-n10 c1 firmware

Dsl-n12e c1 firmware

Dsl-n12u c1 firmware

Dsl-n14u-b1 firmware

Dsl-n14u firmware

Dsl-n16 firmware

Dsl-n16u firmware

Dsl-n17u firmware

Dsl-n55u c1 firmware

Dsl-n55u d1 firmware

Dsl-n66u firmware

Rt-ac1200 firmware

Rt-ac2900 firmware

Rt-ac51u firmware

Rt-ac52u b1 firmware

Rt-ac55u firmware

Rt-ac55uhp firmware

Rt-ac58u firmware

Rt-ac86u firmware

Rt-acrh13 firmware

Rt-n12 d1 firmware

Rt-n600 firmware

Ea-n66 firmware

Rp-ac52 firmware

Rp-ac56 firmware

Rp-n12 firmware

Rp-n14 firmware

Rp-n53 firmware

Wmp-n12 firmware

Gt-ac5300 firmware

Zenfone 3 max firmware

Aura sync firmware

Zenfone v live firmware

Rt-ac3200 firmware

Precision touchpad

Armoury crate lite service

Rog live service

Copyright 2024, cxsecurity.com