Unrated severityNVD Advisory· Published Dec 28, 2018· Updated Aug 5, 2024

CVE-2018-14995

Description

The ZTE Blade Vantage Android device with a build fingerprint of ZTE/Z839/sweet:7.1.1/NMF26V/20180120.095344:user/release-keys, the ZTE Blade Spark Android device with a build fingerprint of ZTE/Z971/peony:7.1.1/NMF26V/20171129.143111:user/release-keys, the ZTE ZMAX Pro Android device with a build fingerprint of ZTE/P895T20/urd:6.0.1/MMB29M/20170418.114928:user/release-keys, and the ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contain a pre-installed platform app with a package name of com.android.modem.service (versionCode=25, versionName=7.1.1; versionCode=23, versionName=6.0.1) that exports an interface to any app on co-located on the device. Using the exported interface of the com.android.modem.service app, any app can enable and obtain certain log files (modem and logcat) without the appropriate corresponding access permissions. The modem logs contain the phone number and full text body of incoming and outgoing text messages in binary format. In addition, the modem log contains the phone numbers for both incoming and outgoing phone calls. The system-wide logcat logs (those obtained via the logcat binary) tend to contain sensitive user data. Third-party apps are prevented from directly reading the system-wide logcat logs. The capability to read from the system-wide logcat logs is only available to pre-installed system apps and platform apps. The modem log and/or logcat log, once activated, get written to external storage (SD card). An app aware of this vulnerability can enable the logs, parse them for relevant data, and exfiltrate them from the device. The modem log and logcat log are inactive by default, but a third-party app with no permissions can activate them, although the app will need to be granted the READ_EXTERNAL_STORAGE permission to access them.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Pre-installed com.android.modem.service on several ZTE devices exports an interface that allows any app to enable and read modem and logcat logs, leaking SMS text, phone numbers, and other sensitive data.

Vulnerability

The ZTE Blade Vantage (Z839/sweet), Blade Spark (Z971/peony), ZMAX Pro (P895T20/urd), and ZMAX Champ (Z917VL/fortune) devices ship with a pre-installed platform app com.android.modem.service (versionCode 25/versionName 7.1.1 on Android 7.1.1 devices; versionCode 23/versionName 6.0.1 on Android 6.0.1 devices). This app exposes an interface to any co-located application, enabling activation and collection of modem logs and system-wide logcat logs without requiring the appropriate permissions [1][2].

Exploitation

An attacker needs no special permissions to enable the logging features, as the exported interface is accessible to any third-party app on the device. Once enabled, the modem logs and logcat output are written to external storage (SD card). To read the captured logs from the SD card, the attacker's app must be granted the READ_EXTERNAL_STORAGE permission, which is commonly obtainable. The attack sequence involves: (1) invoking the exposed interface to start logging, (2) waiting for log data accumulation (e.g., during user calls or SMS activity), and (3) reading and parsing the stored log files for sensitive content [1][2].

Impact

Successfully exploiting this vulnerability allows a malicious app to retrieve modem logs containing the full text body of incoming and outgoing SMS messages (in binary format) as well as phone numbers for both incoming and outgoing calls. Additionally, the system-wide logcat logs, normally restricted to pre-installed system apps, become accessible and often contain other sensitive user data. This constitutes significant information disclosure (confidentiality breach) with no privilege escalation required beyond the READ_EXTERNAL_STORAGE permission [1][2].

Mitigation

No patch or fixed firmware versions have been identified in the available references. Users are advised to limit the installation of untrusted applications and monitor external storage for unexpected log files. As a general best practice, avoid granting READ_EXTERNAL_STORAGE permission to apps that do not need it. The affected ZTE devices may reach end-of-life without receiving an official update for this issue [1][2].

References

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Zte/Blade Vantagellm-create
Range: Android 7.1.1 / build NMF26V
Zte/Blade Sparkllm-create
Range: Android 7.1.1 / build NMF26V
Zte/ZMAX Prollm-create
Range: Android 6.0.1 / build MMB29M
Zte/com.android.modem.servicellm-create
Range: versionCode=25, versionName=7.1.1 / versionCode=23, versionName=6.0.1
Zte/ZMAX Champllm-fuzzy
Range: Android 6.0.1 / build MMB29M

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.kryptowire.com/portal/android-firmware-defcon-2018/mitrex_refsource_MISC
www.kryptowire.com/portal/wp-content/uploads/2018/12/DEFCON-26-Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdfmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000