Vulnerability CVE-2019-12762


Published: 2019-06-06

Description:
Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anomalies via a radio signal between 198 kHz and 203 kHz, as demonstrated by a transmitter and antenna hidden just beneath the surface of a coffee-shop table, aka Ghost Touch.

Type:

CWE-264

(Permissions, Privileges, and Access Controls)

Vendor: Sharp
Product: Aquos zeta sh-04f firmware 
Vendor: Fujitsu
Product: Arrows nx f005-f firmware 
Vendor: Xiaomi
Product: Mi 5s plus firmware 
Vendor: Google
Product: Nexus 9 firmware 
Product: Nexus 7 firmware 
Vendor: Samsung
Product: Galaxy s6 edge firmware 
Product: Galaxy s4 firmware 
Vendor: SONY
Product: Xperia z4 firmware 

CVSS2 => (AV:L/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
1.9/10
2.9/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None

 References:
https://hackercombat.com/nfc-vulnerability-may-promote-ghost-screen-taps/
https://medium.com/@juliodellaflora/ghost-touch-on-xiaomi-mi5s-plus-707998308607

Related CVE
CVE-2019-11890
Sony Bravia Smart TV devices allow remote attackers to cause a denial of service (device hang or reboot) via a SYN flood attack over a wired or Wi-Fi LAN.
CVE-2019-11889
Sony BRAVIA Smart TV devices allow remote attackers to cause a denial of service (device hang) via a crafted web page over HbbTV.
CVE-2019-5982
Improper download file verification vulnerability in VAIO Update 7.3.0.03150 and earlier allows remote attackers to conduct a man-in-the-middle attack via a malicous wireless LAN access point. A successful exploitation may result in a malicious file ...
CVE-2019-5981
Improper authorization vulnerability in VAIO Update 7.3.0.03150 and earlier allows an attackers to execute arbitrary executable file with administrative privilege via unspecified vectors.
CVE-2018-14983
The Sony Xperia L1 Android device with a build fingerprint of Sony/G3313/G3313:7.0/43.0.A.6.49/2867558199:user/release-keys contains the android framework (i.e., system_server) with a package name of android (versionCode=24, versionName=7.0) that has...
CVE-2019-10844
nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries (aka nnabla) through v1.0.14 relies on the HOME environment variable, which might be untrusted.
CVE-2018-0690
An unvalidated software update vulnerability in Music Center for PC version 1.0.02 and earlier could allow a man-in-the-middle attacker to tamper with an update file and inject executable files.
CVE-2018-0656
Untrusted search path vulnerability in The installer of Digital Paper App version 1.4.0.16050 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Copyright 2019, cxsecurity.com

 

Back to Top