CVE-2019-15420

Vulnerability

The Blackview BV9000Pro-F (build fingerprint Blackview/BV9000Pro-F/BV9000Pro-F:7.1.1/N4F26M/1514363110:user/release-keys) contains a pre-installed app with package name com.mediatek.factorymode (versionCode=1, versionName=1) that exposes a functionality to modify wireless settings. Due to a confused deputy attack, any co-located app can invoke this capability without proper authorization [1].

Exploitation

An attacker needs to have any app installed on the device (no special permissions required). The malicious app can send an intent or use the exposed interface of the factory mode app to change wireless settings, such as Wi-Fi or Bluetooth configurations. No user interaction is required beyond installation of the malicious app.

Impact

A successful exploit allows an unprivileged app to modify wireless settings on the device, potentially leading to denial of service by disabling connectivity, or man-in-the-middle attacks by changing Wi-Fi configurations. The attacker does not gain elevated privileges beyond the ability to change wireless settings.

Mitigation

As of the publication date (2019-11-14), no official fix has been released by Blackview. The device may be end-of-life or not receiving updates. Users should avoid installing untrusted apps and consider using a firewall or permissions manager to restrict the factory mode app's accessible activities.