CVE-2019-15377
Description
The Cherry Flare S7 Android device with a build fingerprint of Cherry_Mobile/Flare_S7_Deluxe/Flare_S7_Deluxe:8.1.0/O11019/1533920920:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Pre-installed app on Cherry Flare S7 allows any app to modify system properties via exported interface without authorization.
Vulnerability
The Cherry Flare S7 Android device (build fingerprint: Cherry_Mobile/Flare_S7_Deluxe/Flare_S7_Deluxe:8.1.0/O11019/1533920920:user/release-keys) contains a pre-installed app with package name com.mediatek.wfo.impl (versionCode=27, versionName=8.1.0) that exposes an interface allowing any app co-located on the device to modify a system property without proper authorization [1].
Exploitation
An attacker needs to have any app installed on the device that can interact with the exported interface of the vulnerable app. No additional permissions are required beyond being co-located on the same device. The attacker can invoke the exported component to change a system property, leveraging the lack of permission checks [1].
Impact
Successful exploitation allows an attacker to modify a system property, potentially leading to changes in device behavior or security settings. The impact depends on the property modified; it could result in privilege escalation or denial of service [1].
Mitigation
As of the publication date, no official patch has been disclosed. Users should monitor for firmware updates from Cherry Mobile or consider replacing the device if vendor support is unavailable [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Cherry/Android devicedescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.kryptowire.com/android-firmware-2019/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.