CVE-2016-6564 (GCVE-0-2016-6564)

Vulnerability from cvelistv5 – Published: 2018-07-13 20:00 – Updated: 2024-08-06 01:36
VLAI?
Summary
Android devices with code from Ragentek contain a privileged binary that performs over-the-air (OTA) update checks. Additionally, there are multiple techniques used to hide the execution of this binary. This behavior could be described as a rootkit. This binary, which resides as /system/bin/debugs, runs with root privileges and does not communicate over an encrypted channel. The binary has been shown to communicate with three hosts via HTTP: oyag[.]lhzbdvm[.]com oyag[.]prugskh[.]net oyag[.]prugskh[.]com Server responses to requests sent by the debugs binary include functionalities to execute arbitrary commands as root, install applications, or update configurations. Examples of a request sent by the client binary: POST /pagt/agent?data={"name":"c_regist","details":{...}} HTTP/1. 1 Host: 114.80.68.223 Connection: Close An example response from the server could be: HTTP/1.1 200 OK {"code": "01", "name": "push_commands", "details": {"server_id": "1" , "title": "Test Command", "comments": "Test", "commands": "touch /tmp/test"}} This binary is reported to be present in the following devices: BLU Studio G BLU Studio G Plus BLU Studio 6.0 HD BLU Studio X BLU Studio X Plus BLU Studio C HD Infinix Hot X507 Infinix Hot 2 X510 Infinix Zero X506 Infinix Zero 2 X509 DOOGEE Voyager 2 DG310 LEAGOO Lead 5 LEAGOO Lead 6 LEAGOO Lead 3i LEAGOO Lead 2S LEAGOO Alfa 6 IKU Colorful K45i Beeline Pro 2 XOLO Cube 5.0
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor Product Version
Ragentek Android software Unknown: N/A
Create a notification for this product.
Credits
Thanks to Dan Dahlberg and Tiago Pereira of BitSight Technologies and Anubis Networks for reporting this vulnerability.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:36:28.064Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VU#624539",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/624539"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.bitsighttech.com/blog/ragentek-android-ota-update-mechanism-vulnerable-to-mitm-attack"
          },
          {
            "name": "94393",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "https://www.securityfocus.com/bid/94393/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Android software",
          "vendor": "Ragentek",
          "versions": [
            {
              "status": "unknown",
              "version": "N/A"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Thanks to Dan Dahlberg and Tiago Pereira of BitSight Technologies and Anubis Networks for reporting this vulnerability."
        }
      ],
      "datePublic": "2016-11-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Android devices with code from Ragentek contain a privileged binary that performs over-the-air (OTA) update checks. Additionally, there are multiple techniques used to hide the execution of this binary. This behavior could be described as a rootkit. This binary, which resides as /system/bin/debugs, runs with root privileges and does not communicate over an encrypted channel. The binary has been shown to communicate with three hosts via HTTP: oyag[.]lhzbdvm[.]com oyag[.]prugskh[.]net oyag[.]prugskh[.]com Server responses to requests sent by the debugs binary include functionalities to execute arbitrary commands as root, install applications, or update configurations. Examples of a request sent by the client binary: POST /pagt/agent?data={\"name\":\"c_regist\",\"details\":{...}} HTTP/1. 1 Host: 114.80.68.223 Connection: Close An example response from the server could be: HTTP/1.1 200 OK {\"code\": \"01\", \"name\": \"push_commands\", \"details\": {\"server_id\": \"1\" , \"title\": \"Test Command\", \"comments\": \"Test\", \"commands\": \"touch /tmp/test\"}} This binary is reported to be present in the following devices: BLU Studio G BLU Studio G Plus BLU Studio 6.0 HD BLU Studio X BLU Studio X Plus BLU Studio C HD Infinix Hot X507 Infinix Hot 2 X510 Infinix Zero X506 Infinix Zero 2 X509 DOOGEE Voyager 2 DG310 LEAGOO Lead 5 LEAGOO Lead 6 LEAGOO Lead 3i LEAGOO Lead 2S LEAGOO Alfa 6 IKU Colorful K45i Beeline Pro 2 XOLO Cube 5.0"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-494",
              "description": "CWE-494",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-13T19:57:01",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "name": "VU#624539",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/624539"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.bitsighttech.com/blog/ragentek-android-ota-update-mechanism-vulnerable-to-mitm-attack"
        },
        {
          "name": "94393",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "https://www.securityfocus.com/bid/94393/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Ragentek Android software contains an over-the-air update mechanism that communicates over an unencrypted channel, which can allow a remote attacker to execute arbitrary code with root privileges",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2016-6564",
          "STATE": "PUBLIC",
          "TITLE": "Ragentek Android software contains an over-the-air update mechanism that communicates over an unencrypted channel, which can allow a remote attacker to execute arbitrary code with root privileges"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Android software",
                      "version": {
                        "version_data": [
                          {
                            "affected": "?",
                            "version_affected": "?",
                            "version_value": "N/A"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Ragentek"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Thanks to Dan Dahlberg and Tiago Pereira of BitSight Technologies and Anubis Networks for reporting this vulnerability."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Android devices with code from Ragentek contain a privileged binary that performs over-the-air (OTA) update checks. Additionally, there are multiple techniques used to hide the execution of this binary. This behavior could be described as a rootkit. This binary, which resides as /system/bin/debugs, runs with root privileges and does not communicate over an encrypted channel. The binary has been shown to communicate with three hosts via HTTP: oyag[.]lhzbdvm[.]com oyag[.]prugskh[.]net oyag[.]prugskh[.]com Server responses to requests sent by the debugs binary include functionalities to execute arbitrary commands as root, install applications, or update configurations. Examples of a request sent by the client binary: POST /pagt/agent?data={\"name\":\"c_regist\",\"details\":{...}} HTTP/1. 1 Host: 114.80.68.223 Connection: Close An example response from the server could be: HTTP/1.1 200 OK {\"code\": \"01\", \"name\": \"push_commands\", \"details\": {\"server_id\": \"1\" , \"title\": \"Test Command\", \"comments\": \"Test\", \"commands\": \"touch /tmp/test\"}} This binary is reported to be present in the following devices: BLU Studio G BLU Studio G Plus BLU Studio 6.0 HD BLU Studio X BLU Studio X Plus BLU Studio C HD Infinix Hot X507 Infinix Hot 2 X510 Infinix Zero X506 Infinix Zero 2 X509 DOOGEE Voyager 2 DG310 LEAGOO Lead 5 LEAGOO Lead 6 LEAGOO Lead 3i LEAGOO Lead 2S LEAGOO Alfa 6 IKU Colorful K45i Beeline Pro 2 XOLO Cube 5.0"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-494"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#624539",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/624539"
            },
            {
              "name": "https://www.bitsighttech.com/blog/ragentek-android-ota-update-mechanism-vulnerable-to-mitm-attack",
              "refsource": "MISC",
              "url": "https://www.bitsighttech.com/blog/ragentek-android-ota-update-mechanism-vulnerable-to-mitm-attack"
            },
            {
              "name": "94393",
              "refsource": "BID",
              "url": "https://www.securityfocus.com/bid/94393/"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2016-6564",
    "datePublished": "2018-07-13T20:00:00",
    "dateReserved": "2016-08-03T00:00:00",
    "dateUpdated": "2024-08-06T01:36:28.064Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:infinixauthority:hot_x507_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2E1F7E6D-36C1-43C1-A082-012A2B076083\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:infinixauthority:hot_x507:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DF0E9213-E92E-437F-B818-CAC49714359B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:infinixauthority:hot_2_x510_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"16C972BB-1621-484F-B760-66F14606F22D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:infinixauthority:hot_2_x510:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8848D000-4085-431F-B459-846B61F1F519\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:infinixauthority:zero_x506_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CCAEC49E-64D7-48E2-A20E-843A152C3342\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:infinixauthority:zero_x506:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"21EB5937-CD55-4E7D-9DCC-B5A9DC35C092\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:infinixauthority:zero_2_x509_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D72E356A-3776-437F-A01B-782686978296\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:infinixauthority:zero_2_x509:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"838DC11A-5928-4CE1-8C47-6DB304CB774F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:bluproducts:studio_g_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"250622C8-483C-4E50-B299-14E0B4AF9596\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:bluproducts:studio_g:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1405ED4B-8F63-4C11-A4D8-BE65DE153D0F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:bluproducts:studio_g_plus_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"75A2B779-523A-4541-A2F5-D6084F18A82A\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:bluproducts:studio_g_plus:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"872770AE-33BB-45A0-8FF4-48B981FC3F1E\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:bluproducts:studio_6.0_hd_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"586F417B-2560-4E1E-8D42-8A04E9293BAD\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:bluproducts:studio_6.0_hd:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"04767248-D023-4BE8-8243-51F94864D1D1\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:bluproducts:studio_x_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8D958325-08EF-49EC-913F-CC35DF9FA1A2\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:bluproducts:studio_x:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"019D185F-6C7D-4D81-997B-59C6659CA5AF\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:bluproducts:studio_x_plus_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"966C5CA1-AE21-4AFC-8ACF-890C216290A0\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:bluproducts:studio_x_plus:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"743EB295-520E-4F12-B395-52BC7BA8E4D5\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:bluproducts:studio_c_hd_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9DB6E094-0FFF-4992-997F-C2221F65E922\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:bluproducts:studio_c_hd:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4F09A667-7100-40F7-B03F-3D1F9E0728C8\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:xolo:cube_5.0_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F23993D-E0F9-4CE9-8EF8-5AF8C3F9DD11\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:xolo:cube_5.0:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A20F8D62-AADC-4FE8-B586-F2135102E87A\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:beeline:pro_2_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1229649-DC71-47A0-BD74-A78E294DFDFB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:beeline:pro_2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A9A04BB6-DC55-4693-A451-D62E0022F34E\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:iku-mobile:colorful_k45i_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"173B7772-7FF4-434D-BB2C-6E80127554DB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:iku-mobile:colorful_k45i:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1BBC0D73-2936-43C6-9541-29191208B86D\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:leagoo:lead_5_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D53592AF-6A78-4294-B792-A49C391DC341\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:leagoo:lead_5:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BC2DE373-9BD3-4BBF-837F-73ECE7700448\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:leagoo:lead_6_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6144A49D-7D85-419B-B3F1-18A943245738\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:leagoo:lead_6:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F5A0FDDC-DC1F-4D83-9273-2872769EB9F5\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:leagoo:lead_3i_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BDF0B78D-43F2-4FF2-8430-04838F943196\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:leagoo:lead_3i:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0A2B0180-99DD-4E49-89A8-7037C80C6F0D\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:leagoo:lead_2s_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6B12B475-7A3A-436C-BCFA-7DF212276B5C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:leagoo:lead_2s:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3AF3DE21-DD1C-4897-9B91-7261601C8A38\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:leagoo:alfa_6_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CF32D104-7EF5-47A0-B500-EF01913C35AC\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:leagoo:alfa_6:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FB27875D-2936-4540-812B-F958D19E5DEE\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:doogee:voyager_2_dg310i_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"837AA3EA-0EB5-4D77-A6CB-B981B2BAEE93\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:doogee:voyager_2_dg310i:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"75EC02F5-835F-4752-87FE-009DEB2153F6\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Android devices with code from Ragentek contain a privileged binary that performs over-the-air (OTA) update checks. Additionally, there are multiple techniques used to hide the execution of this binary. This behavior could be described as a rootkit. This binary, which resides as /system/bin/debugs, runs with root privileges and does not communicate over an encrypted channel. The binary has been shown to communicate with three hosts via HTTP: oyag[.]lhzbdvm[.]com oyag[.]prugskh[.]net oyag[.]prugskh[.]com Server responses to requests sent by the debugs binary include functionalities to execute arbitrary commands as root, install applications, or update configurations. Examples of a request sent by the client binary: POST /pagt/agent?data={\\\"name\\\":\\\"c_regist\\\",\\\"details\\\":{...}} HTTP/1. 1 Host: 114.80.68.223 Connection: Close An example response from the server could be: HTTP/1.1 200 OK {\\\"code\\\": \\\"01\\\", \\\"name\\\": \\\"push_commands\\\", \\\"details\\\": {\\\"server_id\\\": \\\"1\\\" , \\\"title\\\": \\\"Test Command\\\", \\\"comments\\\": \\\"Test\\\", \\\"commands\\\": \\\"touch /tmp/test\\\"}} This binary is reported to be present in the following devices: BLU Studio G BLU Studio G Plus BLU Studio 6.0 HD BLU Studio X BLU Studio X Plus BLU Studio C HD Infinix Hot X507 Infinix Hot 2 X510 Infinix Zero X506 Infinix Zero 2 X509 DOOGEE Voyager 2 DG310 LEAGOO Lead 5 LEAGOO Lead 6 LEAGOO Lead 3i LEAGOO Lead 2S LEAGOO Alfa 6 IKU Colorful K45i Beeline Pro 2 XOLO Cube 5.0\"}, {\"lang\": \"es\", \"value\": \"Los dispositivos Android con c\\u00f3digo de Ragentek contienen un binario privilegiado que realiza comprobaciones de actualizaciones OTA (over-the-air). Adem\\u00e1s, hay m\\u00faltiples t\\u00e9cnicas en uso para ocultar la ejecuci\\u00f3n de este binario. El comportamiento podr\\u00eda describirse como rootkit. Este binario, que reside como /system/bin/debugs, se ejecuta con privilegios root y no se comunica mediante un canal cifrado. Se ha mostrado que el binario se comunica con tres hosts mediante HTTP: oyag[.]lhzbdvm[.]com, oyag[.]prugskh[.]net y oyag[.]prugskh[.]com. Las respuestas del servidor a las peticiones enviadas por el binario debugs incluyen funcionalidades para ejecutar comandos arbitrarios como root, instalar aplicaciones o actualizar configuraciones. Ejemplos de una petici\\u00f3n enviada por el binario del cliente: POST /pagt/agent?data={\\\"name\\\":\\\"c_regist\\\",\\\"details\\\":{...}} HTTP/1. 1 Host: 114.80.68.223 Connection: Close Un ejemplo de respuesta del servidor podr\\u00eda ser: HTTP/1.1 200 OK {\\\"code\\\": \\\"01\\\", \\\"name\\\": \\\"push_commands\\\", \\\"details\\\": {\\\"server_id\\\": \\\"1\\\" , \\\"title\\\": \\\"Test Command\\\", \\\"comments\\\": \\\"Test\\\", \\\"commands\\\": \\\"touch /tmp/test\\\"}} Se ha informado que este binario est\\u00e1 presente en los siguientes dispositivos: BLU Studio G, BLU Studio G Plus, BLU Studio 6.0 HD, BLU Studio X, BLU Studio X Plus, BLU Studio C HD, Infinix Hot X507, Infinix Hot 2 X510, Infinix Zero X506, Infinix Zero 2 X509, DOOGEE Voyager 2 DG310, LEAGOO Lead 5, LEAGOO Lead 6, LEAGOO Lead 3i, LEAGOO Lead 2S, LEAGOO Alfa 6, IKU Colorful K45i, Beeline Pro 2 y XOLO Cube 5.0.\"}]",
      "id": "CVE-2016-6564",
      "lastModified": "2024-11-21T02:56:21.923",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-07-13T20:29:01.050",
      "references": "[{\"url\": \"https://www.bitsighttech.com/blog/ragentek-android-ota-update-mechanism-vulnerable-to-mitm-attack\", \"source\": \"cret@cert.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://www.kb.cert.org/vuls/id/624539\", \"source\": \"cret@cert.org\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://www.securityfocus.com/bid/94393/\", \"source\": \"cret@cert.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.bitsighttech.com/blog/ragentek-android-ota-update-mechanism-vulnerable-to-mitm-attack\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://www.kb.cert.org/vuls/id/624539\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://www.securityfocus.com/bid/94393/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "cret@cert.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"cret@cert.org\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-494\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-6564\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2018-07-13T20:29:01.050\",\"lastModified\":\"2024-11-21T02:56:21.923\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Android devices with code from Ragentek contain a privileged binary that performs over-the-air (OTA) update checks. Additionally, there are multiple techniques used to hide the execution of this binary. This behavior could be described as a rootkit. This binary, which resides as /system/bin/debugs, runs with root privileges and does not communicate over an encrypted channel. The binary has been shown to communicate with three hosts via HTTP: oyag[.]lhzbdvm[.]com oyag[.]prugskh[.]net oyag[.]prugskh[.]com Server responses to requests sent by the debugs binary include functionalities to execute arbitrary commands as root, install applications, or update configurations. Examples of a request sent by the client binary: POST /pagt/agent?data={\\\"name\\\":\\\"c_regist\\\",\\\"details\\\":{...}} HTTP/1. 1 Host: 114.80.68.223 Connection: Close An example response from the server could be: HTTP/1.1 200 OK {\\\"code\\\": \\\"01\\\", \\\"name\\\": \\\"push_commands\\\", \\\"details\\\": {\\\"server_id\\\": \\\"1\\\" , \\\"title\\\": \\\"Test Command\\\", \\\"comments\\\": \\\"Test\\\", \\\"commands\\\": \\\"touch /tmp/test\\\"}} This binary is reported to be present in the following devices: BLU Studio G BLU Studio G Plus BLU Studio 6.0 HD BLU Studio X BLU Studio X Plus BLU Studio C HD Infinix Hot X507 Infinix Hot 2 X510 Infinix Zero X506 Infinix Zero 2 X509 DOOGEE Voyager 2 DG310 LEAGOO Lead 5 LEAGOO Lead 6 LEAGOO Lead 3i LEAGOO Lead 2S LEAGOO Alfa 6 IKU Colorful K45i Beeline Pro 2 XOLO Cube 5.0\"},{\"lang\":\"es\",\"value\":\"Los dispositivos Android con c\u00f3digo de Ragentek contienen un binario privilegiado que realiza comprobaciones de actualizaciones OTA (over-the-air). Adem\u00e1s, hay m\u00faltiples t\u00e9cnicas en uso para ocultar la ejecuci\u00f3n de este binario. El comportamiento podr\u00eda describirse como rootkit. Este binario, que reside como /system/bin/debugs, se ejecuta con privilegios root y no se comunica mediante un canal cifrado. Se ha mostrado que el binario se comunica con tres hosts mediante HTTP: oyag[.]lhzbdvm[.]com, oyag[.]prugskh[.]net y oyag[.]prugskh[.]com. Las respuestas del servidor a las peticiones enviadas por el binario debugs incluyen funcionalidades para ejecutar comandos arbitrarios como root, instalar aplicaciones o actualizar configuraciones. Ejemplos de una petici\u00f3n enviada por el binario del cliente: POST /pagt/agent?data={\\\"name\\\":\\\"c_regist\\\",\\\"details\\\":{...}} HTTP/1. 1 Host: 114.80.68.223 Connection: Close Un ejemplo de respuesta del servidor podr\u00eda ser: HTTP/1.1 200 OK {\\\"code\\\": \\\"01\\\", \\\"name\\\": \\\"push_commands\\\", \\\"details\\\": {\\\"server_id\\\": \\\"1\\\" , \\\"title\\\": \\\"Test Command\\\", \\\"comments\\\": \\\"Test\\\", \\\"commands\\\": \\\"touch /tmp/test\\\"}} Se ha informado que este binario est\u00e1 presente en los siguientes dispositivos: BLU Studio G, BLU Studio G Plus, BLU Studio 6.0 HD, BLU Studio X, BLU Studio X Plus, BLU Studio C HD, Infinix Hot X507, Infinix Hot 2 X510, Infinix Zero X506, Infinix Zero 2 X509, DOOGEE Voyager 2 DG310, LEAGOO Lead 5, LEAGOO Lead 6, LEAGOO Lead 3i, LEAGOO Lead 2S, LEAGOO Alfa 6, IKU Colorful K45i, Beeline Pro 2 y XOLO Cube 5.0.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cret@cert.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-494\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:infinixauthority:hot_x507_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E1F7E6D-36C1-43C1-A082-012A2B076083\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:infinixauthority:hot_x507:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF0E9213-E92E-437F-B818-CAC49714359B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:infinixauthority:hot_2_x510_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16C972BB-1621-484F-B760-66F14606F22D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:infinixauthority:hot_2_x510:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8848D000-4085-431F-B459-846B61F1F519\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:infinixauthority:zero_x506_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCAEC49E-64D7-48E2-A20E-843A152C3342\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:infinixauthority:zero_x506:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21EB5937-CD55-4E7D-9DCC-B5A9DC35C092\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:infinixauthority:zero_2_x509_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D72E356A-3776-437F-A01B-782686978296\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:infinixauthority:zero_2_x509:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"838DC11A-5928-4CE1-8C47-6DB304CB774F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:bluproducts:studio_g_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"250622C8-483C-4E50-B299-14E0B4AF9596\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:bluproducts:studio_g:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1405ED4B-8F63-4C11-A4D8-BE65DE153D0F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:bluproducts:studio_g_plus_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"75A2B779-523A-4541-A2F5-D6084F18A82A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:bluproducts:studio_g_plus:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"872770AE-33BB-45A0-8FF4-48B981FC3F1E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:bluproducts:studio_6.0_hd_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"586F417B-2560-4E1E-8D42-8A04E9293BAD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:bluproducts:studio_6.0_hd:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04767248-D023-4BE8-8243-51F94864D1D1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:bluproducts:studio_x_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D958325-08EF-49EC-913F-CC35DF9FA1A2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:bluproducts:studio_x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"019D185F-6C7D-4D81-997B-59C6659CA5AF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:bluproducts:studio_x_plus_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"966C5CA1-AE21-4AFC-8ACF-890C216290A0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:bluproducts:studio_x_plus:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"743EB295-520E-4F12-B395-52BC7BA8E4D5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:bluproducts:studio_c_hd_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9DB6E094-0FFF-4992-997F-C2221F65E922\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:bluproducts:studio_c_hd:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F09A667-7100-40F7-B03F-3D1F9E0728C8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xolo:cube_5.0_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F23993D-E0F9-4CE9-8EF8-5AF8C3F9DD11\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:xolo:cube_5.0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A20F8D62-AADC-4FE8-B586-F2135102E87A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:beeline:pro_2_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1229649-DC71-47A0-BD74-A78E294DFDFB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:beeline:pro_2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9A04BB6-DC55-4693-A451-D62E0022F34E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:iku-mobile:colorful_k45i_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"173B7772-7FF4-434D-BB2C-6E80127554DB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:iku-mobile:colorful_k45i:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1BBC0D73-2936-43C6-9541-29191208B86D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:leagoo:lead_5_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D53592AF-6A78-4294-B792-A49C391DC341\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:leagoo:lead_5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC2DE373-9BD3-4BBF-837F-73ECE7700448\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:leagoo:lead_6_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6144A49D-7D85-419B-B3F1-18A943245738\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:leagoo:lead_6:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5A0FDDC-DC1F-4D83-9273-2872769EB9F5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:leagoo:lead_3i_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDF0B78D-43F2-4FF2-8430-04838F943196\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:leagoo:lead_3i:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A2B0180-99DD-4E49-89A8-7037C80C6F0D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:leagoo:lead_2s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B12B475-7A3A-436C-BCFA-7DF212276B5C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:leagoo:lead_2s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3AF3DE21-DD1C-4897-9B91-7261601C8A38\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:leagoo:alfa_6_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF32D104-7EF5-47A0-B500-EF01913C35AC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:leagoo:alfa_6:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB27875D-2936-4540-812B-F958D19E5DEE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:doogee:voyager_2_dg310i_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"837AA3EA-0EB5-4D77-A6CB-B981B2BAEE93\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:doogee:voyager_2_dg310i:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"75EC02F5-835F-4752-87FE-009DEB2153F6\"}]}]}],\"references\":[{\"url\":\"https://www.bitsighttech.com/blog/ragentek-android-ota-update-mechanism-vulnerable-to-mitm-attack\",\"source\":\"cret@cert.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/624539\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.securityfocus.com/bid/94393/\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.bitsighttech.com/blog/ragentek-android-ota-update-mechanism-vulnerable-to-mitm-attack\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/624539\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.securityfocus.com/bid/94393/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.