System Property Modification Vulnerability in Vivo V7 by Vivo
CVE-2018-15002

4.7MEDIUM

Key Information:

Vendor: Vivo
Status: V7 Firmware
Vendor: CVE Published:; 28 December 2018

What is CVE-2018-15002?

The Vivo V7 device is susceptible to a vulnerability that permits any application co-located on the device to modify system properties, specifically through an exported service in the com.qualcomm.qti.modemtestmode app. This vulnerability allows apps to set key-value pairs for system properties that are retained even after a reboot. A notable misuse of this vulnerability is the ability to log user touchscreen inputs by enabling the persist.sys.input.log property, facilitating potential privacy breaches. Furthermore, the log data can be accessed through an existing vulnerability, requiring only the READ_EXTERNAL_STORAGE permission to expose sensitive user interactions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.kryptowire.com/portal/wp-content/uploads/2018...

x_refsource_MISC

https://www.kryptowire.com/portal/android-firmware-defcon...

x_refsource_MISC

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 28, 2018
Vulnerability Reserved
Aug 5, 2018

JSON

Vivo

What is CVE-2018-15002?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.