Vulnerabilites related to mediatek - mt6577
var-201908-0792
Vulnerability from variot
The MediaTek Embedded Multimedia Card (eMMC) subsystem for Android on MT65xx, MT66xx, and MT8163 SoC devices allows attackers to execute arbitrary commands as root via shell metacharacters in a filename under /data, because clear_emmc_nomedia_entry in platform/mt6577/external/meta/emmc/meta_clr_emmc.c invokes 'system("/system/bin/rm -r /data/' followed by this filename upon an eMMC clearance from a Meta Mode boot. NOTE: compromise of Fire OS on the Amazon Echo Dot would require a second hypothetical vulnerability that allows creation of the required file under /data. MediaTek Embedded Multimedia Card (eMMC) Contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. A security vulnerability exists in the MediaTek Embedded Multimedia Card (eMMC) subsystem. The following products and versions are affected: MT65xx devices; MT66xx devices; MT8163 SoC devices
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201908-0792",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mt6577",
"scope": "eq",
"trust": 1.0,
"vendor": "mediatek",
"version": null
},
{
"model": "mt8163",
"scope": "eq",
"trust": 1.0,
"vendor": "mediatek",
"version": null
},
{
"model": "mt6625",
"scope": "eq",
"trust": 1.0,
"vendor": "mediatek",
"version": null
},
{
"model": "mt6577",
"scope": null,
"trust": 0.8,
"vendor": "media tech",
"version": null
},
{
"model": "mt6625",
"scope": null,
"trust": 0.8,
"vendor": "media tech",
"version": null
},
{
"model": "mt8163",
"scope": null,
"trust": 0.8,
"vendor": "media tech",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008351"
},
{
"db": "NVD",
"id": "CVE-2019-15027"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mediatek:mt8163_firmware:-:*:*:*:*:android:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mediatek:mt8163:-:*:*:*:*:android:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mediatek:mt6625_firmware:-:*:*:*:*:android:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mediatek:mt6625:-:*:*:*:*:android:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mediatek:mt6577_firmware:-:*:*:*:*:android:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mediatek:mt6577:-:*:*:*:*:android:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15027"
}
]
},
"cve": "CVE-2019-15027",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2019-15027",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-147032",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-15027",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-15027",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-1030",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-147032",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-147032"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008351"
},
{
"db": "NVD",
"id": "CVE-2019-15027"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1030"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The MediaTek Embedded Multimedia Card (eMMC) subsystem for Android on MT65xx, MT66xx, and MT8163 SoC devices allows attackers to execute arbitrary commands as root via shell metacharacters in a filename under /data, because clear_emmc_nomedia_entry in platform/mt6577/external/meta/emmc/meta_clr_emmc.c invokes \u0027system(\"/system/bin/rm -r /data/\u0027 followed by this filename upon an eMMC clearance from a Meta Mode boot. NOTE: compromise of Fire OS on the Amazon Echo Dot would require a second hypothetical vulnerability that allows creation of the required file under /data. MediaTek Embedded Multimedia Card (eMMC) Contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. A security vulnerability exists in the MediaTek Embedded Multimedia Card (eMMC) subsystem. The following products and versions are affected: MT65xx devices; MT66xx devices; MT8163 SoC devices",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15027"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008351"
},
{
"db": "VULHUB",
"id": "VHN-147032"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-15027",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008351",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1030",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-147032",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-147032"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008351"
},
{
"db": "NVD",
"id": "CVE-2019-15027"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1030"
}
]
},
"id": "VAR-201908-0792",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-147032"
}
],
"trust": 0.85
},
"last_update_date": "2023-12-18T13:18:39.279000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "https://www.mediatek.jp/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008351"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.1
},
{
"problemtype": "CWE-77",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-147032"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008351"
},
{
"db": "NVD",
"id": "CVE-2019-15027"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://dojo.bullguard.com/dojo-by-bullguard/blog/gaining-rooting-primitives-for-android-mediatek-chips/"
},
{
"trust": 1.7,
"url": "https://github.com/andr3jx/mtk6577/blob/238012ebf18e3751397884d1742ff7ab6417e80d/mediatek/platform/mt6577/external/meta/emmc/meta_clr_emmc.c#l302-l305"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15027"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15027"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-147032"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008351"
},
{
"db": "NVD",
"id": "CVE-2019-15027"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1030"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-147032"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008351"
},
{
"db": "NVD",
"id": "CVE-2019-15027"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1030"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-14T00:00:00",
"db": "VULHUB",
"id": "VHN-147032"
},
{
"date": "2019-08-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008351"
},
{
"date": "2019-08-14T13:15:11.187000",
"db": "NVD",
"id": "CVE-2019-15027"
},
{
"date": "2019-08-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-1030"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-147032"
},
{
"date": "2019-08-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008351"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2019-15027"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-1030"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-1030"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MediaTek Embedded Multimedia Card Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008351"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-1030"
}
],
"trust": 0.6
}
}
Vulnerability from fkie_nvd
Published
2019-08-14 13:15
Modified
2024-11-21 04:27
Severity ?
Summary
The MediaTek Embedded Multimedia Card (eMMC) subsystem for Android on MT65xx, MT66xx, and MT8163 SoC devices allows attackers to execute arbitrary commands as root via shell metacharacters in a filename under /data, because clear_emmc_nomedia_entry in platform/mt6577/external/meta/emmc/meta_clr_emmc.c invokes 'system("/system/bin/rm -r /data/' followed by this filename upon an eMMC clearance from a Meta Mode boot. NOTE: compromise of Fire OS on the Amazon Echo Dot would require a second hypothetical vulnerability that allows creation of the required file under /data.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mediatek | mt8163_firmware | - | |
| mediatek | mt8163 | - | |
| mediatek | mt6625_firmware | - | |
| mediatek | mt6625 | - | |
| mediatek | mt6577_firmware | - | |
| mediatek | mt6577 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mediatek:mt8163_firmware:-:*:*:*:*:android:*:*",
"matchCriteriaId": "EBC8DF79-7DB0-4F5C-8D86-AB2D39C49B31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mediatek:mt8163:-:*:*:*:*:android:*:*",
"matchCriteriaId": "2A270FFF-F61C-4BFF-B208-D0EEE5602E41",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mediatek:mt6625_firmware:-:*:*:*:*:android:*:*",
"matchCriteriaId": "A35C889C-6624-4CD2-8449-0B6F1CB18ACA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mediatek:mt6625:-:*:*:*:*:android:*:*",
"matchCriteriaId": "BA6F0E45-C3BA-4933-8617-8461EFC664E0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mediatek:mt6577_firmware:-:*:*:*:*:android:*:*",
"matchCriteriaId": "68D537A1-141F-44EB-BFD6-61526576E2EA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mediatek:mt6577:-:*:*:*:*:android:*:*",
"matchCriteriaId": "BAAF1611-7AD6-48C9-BB93-BDABCD3C1A50",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The MediaTek Embedded Multimedia Card (eMMC) subsystem for Android on MT65xx, MT66xx, and MT8163 SoC devices allows attackers to execute arbitrary commands as root via shell metacharacters in a filename under /data, because clear_emmc_nomedia_entry in platform/mt6577/external/meta/emmc/meta_clr_emmc.c invokes \u0027system(\"/system/bin/rm -r /data/\u0027 followed by this filename upon an eMMC clearance from a Meta Mode boot. NOTE: compromise of Fire OS on the Amazon Echo Dot would require a second hypothetical vulnerability that allows creation of the required file under /data."
},
{
"lang": "es",
"value": "El subsistema MediaTek Embedded Multimedia Card (eMMC) para Android sobre dispositivos SoC MT65xx, MT66xx y MT8163, permite a atacantes ejecutar comandos arbitrarios como root por medio de metacaracteres de shell en un nombre de archivo bajo /data, porque la funci\u00f3n clear_emmc_nomedia_entry en el archivo plataforma/mt6577/external/meta/emmc/meta_clr_emmc.c invoca \"system(\"/system/bin/rm -r /data/\" seguido de este nombre de archivo luego de una autorizaci\u00f3n de eMMC de un arranque en Modo Meta. NOTA: el compromiso del Fire OS en Amazon Echo Dot requerir\u00eda una segunda vulnerabilidad hipot\u00e9tica que permite la creaci\u00f3n del archivo requerido bajo /data."
}
],
"id": "CVE-2019-15027",
"lastModified": "2024-11-21T04:27:54.050",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-14T13:15:11.187",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://dojo.bullguard.com/dojo-by-bullguard/blog/gaining-rooting-primitives-for-android-mediatek-chips/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/andr3jx/MTK6577/blob/238012ebf18e3751397884d1742ff7ab6417e80d/mediatek/platform/mt6577/external/meta/emmc/meta_clr_emmc.c#L302-L305"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://dojo.bullguard.com/dojo-by-bullguard/blog/gaining-rooting-primitives-for-android-mediatek-chips/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/andr3jx/MTK6577/blob/238012ebf18e3751397884d1742ff7ab6417e80d/mediatek/platform/mt6577/external/meta/emmc/meta_clr_emmc.c#L302-L305"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2019-15027
Vulnerability from cvelistv5
Published
2019-08-14 12:03
Modified
2024-08-05 00:34
Severity ?
EPSS score ?
Summary
The MediaTek Embedded Multimedia Card (eMMC) subsystem for Android on MT65xx, MT66xx, and MT8163 SoC devices allows attackers to execute arbitrary commands as root via shell metacharacters in a filename under /data, because clear_emmc_nomedia_entry in platform/mt6577/external/meta/emmc/meta_clr_emmc.c invokes 'system("/system/bin/rm -r /data/' followed by this filename upon an eMMC clearance from a Meta Mode boot. NOTE: compromise of Fire OS on the Amazon Echo Dot would require a second hypothetical vulnerability that allows creation of the required file under /data.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.165Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://dojo.bullguard.com/dojo-by-bullguard/blog/gaining-rooting-primitives-for-android-mediatek-chips/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/andr3jx/MTK6577/blob/238012ebf18e3751397884d1742ff7ab6417e80d/mediatek/platform/mt6577/external/meta/emmc/meta_clr_emmc.c#L302-L305"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The MediaTek Embedded Multimedia Card (eMMC) subsystem for Android on MT65xx, MT66xx, and MT8163 SoC devices allows attackers to execute arbitrary commands as root via shell metacharacters in a filename under /data, because clear_emmc_nomedia_entry in platform/mt6577/external/meta/emmc/meta_clr_emmc.c invokes \u0027system(\"/system/bin/rm -r /data/\u0027 followed by this filename upon an eMMC clearance from a Meta Mode boot. NOTE: compromise of Fire OS on the Amazon Echo Dot would require a second hypothetical vulnerability that allows creation of the required file under /data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-14T12:03:35",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://dojo.bullguard.com/dojo-by-bullguard/blog/gaining-rooting-primitives-for-android-mediatek-chips/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/andr3jx/MTK6577/blob/238012ebf18e3751397884d1742ff7ab6417e80d/mediatek/platform/mt6577/external/meta/emmc/meta_clr_emmc.c#L302-L305"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15027",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MediaTek Embedded Multimedia Card (eMMC) subsystem for Android on MT65xx, MT66xx, and MT8163 SoC devices allows attackers to execute arbitrary commands as root via shell metacharacters in a filename under /data, because clear_emmc_nomedia_entry in platform/mt6577/external/meta/emmc/meta_clr_emmc.c invokes \u0027system(\"/system/bin/rm -r /data/\u0027 followed by this filename upon an eMMC clearance from a Meta Mode boot. NOTE: compromise of Fire OS on the Amazon Echo Dot would require a second hypothetical vulnerability that allows creation of the required file under /data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://dojo.bullguard.com/dojo-by-bullguard/blog/gaining-rooting-primitives-for-android-mediatek-chips/",
"refsource": "MISC",
"url": "https://dojo.bullguard.com/dojo-by-bullguard/blog/gaining-rooting-primitives-for-android-mediatek-chips/"
},
{
"name": "https://github.com/andr3jx/MTK6577/blob/238012ebf18e3751397884d1742ff7ab6417e80d/mediatek/platform/mt6577/external/meta/emmc/meta_clr_emmc.c#L302-L305",
"refsource": "MISC",
"url": "https://github.com/andr3jx/MTK6577/blob/238012ebf18e3751397884d1742ff7ab6417e80d/mediatek/platform/mt6577/external/meta/emmc/meta_clr_emmc.c#L302-L305"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15027",
"datePublished": "2019-08-14T12:03:35",
"dateReserved": "2019-08-13T00:00:00",
"dateUpdated": "2024-08-05T00:34:53.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}