CVE-2019-15387

Vulnerability

The Archos Core 101 Android device (build fingerprint archos/MTKAC101CR3G_ARCHOS/ac101cr3g:7.0/NRD90M/20180611.034442:user/release-keys) includes a pre-installed app with package name com.roco.autogen (versionCode=1, versionName=1). This app exposes an exported interface that allows any other app on the device to programmatically disable or enable Wi-Fi without requiring the corresponding ACCESS_WIFI_STATE or CHANGE_WIFI_STATE permissions [1].

Exploitation

An attacker needs only to have any app installed on the same device. No special permissions or user interaction are required. The attacker's app can invoke the exported interface provided by the com.roco.autogen app to toggle the Wi-Fi state [1].

Impact

A malicious app can disable or enable Wi-Fi at will, potentially disrupting network connectivity or enabling other attacks (e.g., forcing the device onto a rogue network). This affects availability and can be abused without the user's knowledge or consent [1].

Mitigation

No official fix has been released for this vulnerability. As of the publication date (2019-11-14), the affected device may be end-of-life. Users should consider removing the pre-installed app if possible using ADB or a root solution. This CVE is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.