CVE-2019-15364
Description
Pre-installed app on Dexp BL250 allows any app to modify a system property via exported interface without authorization.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Pre-installed app on Dexp BL250 allows any app to modify a system property via exported interface without authorization.
Vulnerability
The Dexp BL250 Android device with build fingerprint DEXP/BL250/BL250:8.1.0/O11019/1530858027:user/release-keys contains a pre-installed app with package name com.mediatek.wfo.impl (versionCode=27, versionName=8.1.0) that exposes an exported interface allowing any co-located app to modify a system property without proper authorization [1].
Exploitation
An attacker must have a malicious app installed on the same device. No additional permissions or user interaction are required; the malicious app can directly invoke the exported interface to modify the system property.
Impact
Successful exploitation enables a malicious app to alter a system property, which could lead to changes in device behavior, such as denial of service, information disclosure, or potential privilege escalation, depending on the property modified.
Mitigation
No fix is detailed in the available references. Users should avoid installing untrusted apps and consider checking with the manufacturer for firmware updates. The device may be end-of-life or no longer supported.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Dexp/BL250description
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
1- www.kryptowire.com/android-firmware-2019/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.