CVE-2018-15006

Name: CVE-2018-15006
Creator: NVD / NIST
Published: 2018-12-28T21:29:00.997+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.53%

Last modified Jun 17, 2026

CVE-2018-15006 is a vulnerability of currently unknown severity. The ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contains a pre-installed platform app with a package name of com.android.zte.hiddenmenu (versionCode=23, versionName=6.0.1) that contains an exported broadcast receiver app component named com.android.zte.hiddenmenu.CommandReceiver that is accessible to any app co-located on the device. This app component, when it receives a broadcast intent with a certain action string, will write a non-standard (i.e., not defined in Android Open Source Project (AOSP) code) command to the /cache/recovery/command file to be executed in recovery mode. EPSS estimates a 0.53% chance of exploitation in the next 30 days.

Description

The ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contains a pre-installed platform app with a package name of com.android.zte.hiddenmenu (versionCode=23, versionName=6.0.1) that contains an exported broadcast receiver app component named com.android.zte.hiddenmenu.CommandReceiver that is accessible to any app co-located on the device. This app component, when it receives a broadcast intent with a certain action string, will write a non-standard (i.e., not defined in Android Open Source Project (AOSP) code) command to the /cache/recovery/command file to be executed in recovery mode. Once the device boots into recovery mode, it will crash, boot into recovery mode, and crash again. This crash loop will keep repeating, which makes the device unusable. There is no way to boot into an alternate mode once the crash loop starts.

Metrics

EPSS Probability

0.53%

40.9th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Zteusa	Zte Zmax Champ Firmware	6.0.1

References

http://www.securityfocus.com/bid/106361Third Party Advisory, VDB Entry
https://www.kryptowire.com/portal/android-firmware-defcon-2018/Third Party Advisory
https://www.kryptowire.com/portal/wp-content/uploads/2018/12/DEFCON-26-Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdfExploit, Third Party Advisory
http://www.securityfocus.com/bid/106361Third Party Advisory, VDB Entry
https://www.kryptowire.com/portal/android-firmware-defcon-2018/Third Party Advisory
https://www.kryptowire.com/portal/wp-content/uploads/2018/12/DEFCON-26-Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdfExploit, Third Party Advisory

Timeline

Published: Dec 28, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-15006?

How severe is CVE-2018-15006?

Severity scoring for CVE-2018-15006 is pending analysis. The EPSS model estimates a 0.53% probability of exploitation in the next 30 days.

How do I fix CVE-2018-15006?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-15006?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST