Unsecured Content Provider in Infinix Mobile Devices
CVE-2024-12993

4.8MEDIUM

Key Information:

Vendor: Infinix Mobile
Status: Com.rlk.weathers
Vendor: CVE Published:; 30 December 2024

🔔 Create Infinix Mobile Vulnerability Alert

What is CVE-2024-12993?

Infinix mobile devices are impacted by a serious security issue involving the pre-installed 'com.rlk.weathers' application. This application features an unsecured content provider that can be accessed by attackers. With this vulnerability, an attacker is capable of communicating with the content provider, which may allow them to reveal sensitive information, such as the user's location. Despite multiple attempts to reach out to Infinix for clarification or a patch, no response has been received, raising concerns that this flaw could affect all models in the Infinix mobile device line.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

com.rlk.weathers Android 7.0.0.037

References

https://cert.pl/en/posts/2024/12/CVE-2024-12993/

third-party-advisory

https://cert.pl/posts/2024/12/CVE-2024-12993/

third-party-advisory

CVSS V4

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Dec 30, 2024
Vulnerability Reserved
Dec 27, 2024

Credit

Szymon Chadam

JSON

Infinix Mobile

What is CVE-2024-12993?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.