CVE-2019-15399
Description
Pre-installed com.asus.loguploaderproxy app on Asus ZenFone 5Q allows command execution by other pre-installed apps via accessible component.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Pre-installed com.asus.loguploaderproxy app on Asus ZenFone 5Q allows command execution by other pre-installed apps via accessible component.
Vulnerability
The Asus ZenFone 5Q (build fingerprint asus/WW_Phone/ASUS_X017D_2:7.1.1/NGI77B/14.0400.1809.059-20181016:user/release-keys) includes a pre-installed app with package name com.asus.loguploaderproxy (versionCode=1570000020, versionName=7.0.0.4_170901). This app exposes an accessible component that allows any other pre-installed app with signatureOrSystem permissions to perform command execution [1].
Exploitation
An attacker must have control of a pre-installed app on the device that can obtain signatureOrSystem permissions. Such an app can then invoke the exported component of com.asus.loguploaderproxy to execute arbitrary commands with the privileges of that app [1].
Impact
Successful exploitation allows the malicious pre-installed app to execute arbitrary commands, potentially leading to full device compromise, including data disclosure, modification, or denial of service, depending on the commands executed [1].
Mitigation
No official fix has been disclosed in the available references. Users should monitor vendor updates for a patch. The device is likely end-of-life; consider replacing it if security is critical [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3- Asus/ZenFone 5Qdescription
- Range: Build NGI77B / 14.0400.1809.059-20181016
- Range: = 7.0.0.4_170901 (versionCode 1570000020)
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
1- www.kryptowire.com/android-firmware-2019/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.