What is the severity of CVE-2018-15003?

CVE-2018-15003 is classified as a critical vulnerability due to its potential impact on user privacy and device security.

What devices are affected by CVE-2018-15003?

CVE-2018-15003 affects the Coolpad Defiant and T-Mobile Revvl Plus Android devices.

How do I fix CVE-2018-15003?

To fix CVE-2018-15003, users should apply any available security patches from their device manufacturer.

What type of vulnerability is CVE-2018-15003?

CVE-2018-15003 is a pre-installed application vulnerability that allows unauthorized access to sensitive user data.

Is there a workaround for CVE-2018-15003?

Users can mitigate the risk of CVE-2018-15003 by uninstalling the vulnerable app if possible or restricting its permissions.

Vulnerability/
CVE-2018-15003

high

7.5

CWE

25/4/2019

5/8/2024

CVE-2018-15003: Input Validation

First published: Thu Apr 25 2019(Updated: )

The Coolpad Defiant (Coolpad/cp3632a/cp3632a:7.1.1/NMF26F/099480857:user/release-keys) and the T-Mobile Revvl Plus (Coolpad/alchemy/alchemy:7.1.1/143.14.171129.3701A-TMO/buildf_nj_02-206:user/release-keys) Android devices contain a pre-installed platform app with a package name of com.qualcomm.qti.telephony.extcarrierpack (versionCode=25, versionName=7.1.1) containing an exported broadcast receiver app component named com.qualcomm.qti.telephony.extcarrierpack.UiccReceiver that allows any app co-located on the device to programmatically perform a factory reset. In addition, the app initiating the factory reset does not require any permissions. A factory reset will remove all user data and apps from the device. This will result in the loss of any data that have not been backed up or synced externally. The capability to perform a factory reset is not directly available to third-party apps (those that the user installs themselves with the exception of enabled Mobile Device Management (MDM) apps), although this capability can be obtained by leveraging an unprotected app component of a pre-installed platform app.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Coolpad Defiant Firmware
Coolpad Defiant
T-mobile Revvl Plus Firmware
T-Mobile Revvl Plus

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2018-15003?
CVE-2018-15003 is classified as a critical vulnerability due to its potential impact on user privacy and device security.
What devices are affected by CVE-2018-15003?
CVE-2018-15003 affects the Coolpad Defiant and T-Mobile Revvl Plus Android devices.
How do I fix CVE-2018-15003?
To fix CVE-2018-15003, users should apply any available security patches from their device manufacturer.
What type of vulnerability is CVE-2018-15003?
CVE-2018-15003 is a pre-installed application vulnerability that allows unauthorized access to sensitive user data.
Is there a workaround for CVE-2018-15003?
Users can mitigate the risk of CVE-2018-15003 by uninstalling the vulnerable app if possible or restricting its permissions.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/references
agent/author
agent/weakness
agent/last-modified-date
agent/severity
agent/tags
agent/event
agent/first-publish-date
agent/description
agent/source
vendor/coolpad
canonical/coolpad defiant firmware
canonical/coolpad defiant
vendor/t-mobile
canonical/t-mobile revvl plus firmware
canonical/t-mobile revvl plus

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.