CVE-2024-10576
Last modified
CVE-2024-10576 is a critical-severity vulnerability rated 9.4/10 on the CVSS scale. Infinix devices contain a pre-loaded "com.transsion.agingfunction" application, that exposes an unsecured broadcast receiver. An attacker can communicate with the receiver and force the device to perform a factory reset without any Android system permissions. After multiple attempts to contact the vendor we did not receive any answer. EPSS estimates a 0.16% chance of exploitation in the next 30 days.
Description
Infinix devices contain a pre-loaded "com.transsion.agingfunction" application, that exposes an unsecured broadcast receiver. An attacker can communicate with the receiver and force the device to perform a factory reset without any Android system permissions. After multiple attempts to contact the vendor we did not receive any answer. We suppose this issue affects all Infinix Mobile devices.
Metrics
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:X/R:I/V:D/RE:X/U:Amber
Weakness Enumeration
References
Timeline
- Published
- Last Modified
- Status
- Deferred
Frequently Asked Questions
What is CVE-2024-10576?
How severe is CVE-2024-10576?
How do I fix CVE-2024-10576?
Are you affected by CVE-2024-10576?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST