mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-05-28 01:02:55 +00:00
83 lines
4.0 KiB
JSON
83 lines
4.0 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "cert@cert.org",
|
|
"ID": "CVE-2016-6564",
|
|
"STATE": "PUBLIC",
|
|
"TITLE": "Ragentek Android software contains an over-the-air update mechanism that communicates over an unencrypted channel, which can allow a remote attacker to execute arbitrary code with root privileges"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Android software",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"affected": "?",
|
|
"version_value": "N/A"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "Ragentek"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"credit": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Thanks to Dan Dahlberg and Tiago Pereira of BitSight Technologies and Anubis Networks for reporting this vulnerability."
|
|
}
|
|
],
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Android devices with code from Ragentek contain a privileged binary that performs over-the-air (OTA) update checks. Additionally, there are multiple techniques used to hide the execution of this binary. This behavior could be described as a rootkit. This binary, which resides as /system/bin/debugs, runs with root privileges and does not communicate over an encrypted channel. The binary has been shown to communicate with three hosts via HTTP: oyag[.]lhzbdvm[.]com oyag[.]prugskh[.]net oyag[.]prugskh[.]com Server responses to requests sent by the debugs binary include functionalities to execute arbitrary commands as root, install applications, or update configurations. Examples of a request sent by the client binary: POST /pagt/agent?data={\"name\":\"c_regist\",\"details\":{...}} HTTP/1. 1 Host: 114.80.68.223 Connection: Close An example response from the server could be: HTTP/1.1 200 OK {\"code\": \"01\", \"name\": \"push_commands\", \"details\": {\"server_id\": \"1\" , \"title\": \"Test Command\", \"comments\": \"Test\", \"commands\": \"touch /tmp/test\"}} This binary is reported to be present in the following devices: BLU Studio G BLU Studio G Plus BLU Studio 6.0 HD BLU Studio X BLU Studio X Plus BLU Studio C HD Infinix Hot X507 Infinix Hot 2 X510 Infinix Zero X506 Infinix Zero 2 X509 DOOGEE Voyager 2 DG310 LEAGOO Lead 5 LEAGOO Lead 6 LEAGOO Lead 3i LEAGOO Lead 2S LEAGOO Alfa 6 IKU Colorful K45i Beeline Pro 2 XOLO Cube 5.0"
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-494"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"name": "VU#624539",
|
|
"refsource": "CERT-VN",
|
|
"url": "https://www.kb.cert.org/vuls/id/624539"
|
|
},
|
|
{
|
|
"name": "https://www.bitsighttech.com/blog/ragentek-android-ota-update-mechanism-vulnerable-to-mitm-attack",
|
|
"refsource": "MISC",
|
|
"url": "https://www.bitsighttech.com/blog/ragentek-android-ota-update-mechanism-vulnerable-to-mitm-attack"
|
|
},
|
|
{
|
|
"name": "94393",
|
|
"refsource": "BID",
|
|
"url": "https://www.securityfocus.com/bid/94393/"
|
|
}
|
|
]
|
|
},
|
|
"source": {
|
|
"discovery": "UNKNOWN"
|
|
}
|
|
} |