What is CVE-2019-15027?

CVE-2019-15027 is a vulnerability in the MediaTek Embedded Multimedia Card (eMMC) subsystem that allows attackers to execute arbitrary commands as root on Android devices.

How severe is CVE-2019-15027?

CVE-2019-15027 has a severity rating of 9.8, which is classified as critical.

Which devices are affected by CVE-2019-15027?

CVE-2019-15027 affects devices running MediaTek MT65xx, MT66xx, and MT8163 SoC firmware.

How can the CVE-2019-15027 vulnerability be exploited?

The vulnerability can be exploited by using shell metacharacters in a filename under the /data directory to execute arbitrary commands as root.

Are there any fixes or patches available for CVE-2019-15027?

At the time of writing, there are no known fixes or patches available for CVE-2019-15027. It is recommended to follow the recommendations provided by the vendor and security advisories.

Vulnerability/
CVE-2019-15027

critical

CWE

14/8/2019

5/8/2024

CVE-2019-15027: OS Command Injection

First published: Wed Aug 14 2019(Updated: )

The MediaTek Embedded Multimedia Card (eMMC) subsystem for Android on MT65xx, MT66xx, and MT8163 SoC devices allows attackers to execute arbitrary commands as root via shell metacharacters in a filename under /data, because clear_emmc_nomedia_entry in platform/mt6577/external/meta/emmc/meta_clr_emmc.c invokes 'system("/system/bin/rm -r /data/' followed by this filename upon an eMMC clearance from a Meta Mode boot. NOTE: compromise of Fire OS on the Amazon Echo Dot would require a second hypothetical vulnerability that allows creation of the required file under /data.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Mediatek Mt8163 Firmware
Mediatek Mt8163
Mediatek Mt6625 Firmware
Mediatek Mt6625
Mediatek Mt6577 Firmware
Mediatek Mt6577

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2019-15027?
CVE-2019-15027 is a vulnerability in the MediaTek Embedded Multimedia Card (eMMC) subsystem that allows attackers to execute arbitrary commands as root on Android devices.
How severe is CVE-2019-15027?
CVE-2019-15027 has a severity rating of 9.8, which is classified as critical.
Which devices are affected by CVE-2019-15027?
CVE-2019-15027 affects devices running MediaTek MT65xx, MT66xx, and MT8163 SoC firmware.
How can the CVE-2019-15027 vulnerability be exploited?
The vulnerability can be exploited by using shell metacharacters in a filename under the /data directory to execute arbitrary commands as root.
Are there any fixes or patches available for CVE-2019-15027?
At the time of writing, there are no known fixes or patches available for CVE-2019-15027. It is recommended to follow the recommendations provided by the vendor and security advisories.

collector/nvd-index
agent/references
agent/severity
agent/weakness
agent/author
agent/type
agent/description
agent/event
agent/softwarecombine
agent/first-publish-date
agent/last-modified-date
agent/tags
collector/mitre-cve
source/MITRE
vendor/mediatek
canonical/mediatek mt8163 firmware
canonical/mediatek mt8163
canonical/mediatek mt6625 firmware
canonical/mediatek mt6625
canonical/mediatek mt6577 firmware
canonical/mediatek mt6577

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.