CVE-2019-15421
Description
The Blackview BV7000_Pro Android device with a build fingerprint of Blackview/BV7000_Pro/BV7000_Pro:7.0/NRD90M/1493011204:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A pre-installed app on Blackview BV7000_Pro allows any app to modify wireless settings via a confused deputy attack.
Vulnerability
The Blackview BV7000_Pro Android device (build fingerprint Blackview/BV7000_Pro/BV7000_Pro:7.0/NRD90M/1493011204:user/release-keys) includes a pre-installed app with package name com.mediatek.factorymode (versionCode=1, versionName=1). This app exposes a confused deputy vulnerability that permits unauthorized modification of wireless settings. Any app co-located on the device can access this capability without requiring special permissions [1].
Exploitation
An attacker needs only to have any app installed on the device. The malicious app can invoke the vulnerable component in com.mediatek.factorymode to alter wireless configurations. The attack does not require user interaction, network access, or elevated privileges beyond installation of a malicious app [1].
Impact
Successful exploitation allows the attacker to modify wireless settings on the device. This could lead to denial of service by disrupting wireless connectivity, or potentially enable man-in-the-middle attacks if the attacker can redirect traffic through a rogue access point. The impact is limited to wireless configuration changes and does not grant root-level access or full device compromise [1].
Mitigation
As of the publication date (2019-11-14), no official fix or patch has been released for this vulnerability. The affected device is likely end-of-life. Users should avoid installing untrusted applications and consider disabling or uninstalling the com.mediatek.factorymode app if possible, though this may require root access. The CVE is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog [1].
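An added example, not taken from the CVE record or the vendor: a Python audit of a decoded AndroidManifest.xml (for instance as produced by apktool) that lists exported components with no permission requirement, the kind of exposure a confused deputy depends on. The manifest, package and component names are constructed; content providers are skipped because their exported default depends on targetSdkVersion.

```python
import xml.etree.ElementTree as ET
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver")

# Constructed sample: hypothetical app; names are invented, not those of com.mediatek.factorymode.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.factorytest">
  <application>
    <activity android:name=".InternalActivity"/>
    <service android:name=".RadioTestService" android:exported="true"/>
    <service android:name=".GuardedService" android:exported="true"
             android:permission="com.example.factorytest.permission.CONTROL"/>
    <receiver android:name=".SettingsReceiver">
      <intent-filter><action android:name="com.example.factorytest.SET"/></intent-filter>
    </receiver>
    <receiver android:name=".LocalReceiver" android:exported="false">
      <intent-filter><action android:name="com.example.factorytest.LOCAL"/></intent-filter>
    </receiver>
  </application>
</manifest>
"""

def is_exported(component):
    """Explicit android:exported wins; else an intent-filter implies exported (pre-Android 12)."""
    explicit = component.get(ANDROID_NS + "exported")
    if explicit is not None:
        return explicit.lower() == "true"
    return component.find("intent-filter") is not None

def unguarded_components(manifest_xml):
    """Return (tag, class) for exported components with no permission requirement."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    app = root.find("application")
    if app is None:
        return []
    app_permission = app.get(ANDROID_NS + "permission")  # inherited by components
    findings = []
    for component in app:
        if component.tag not in COMPONENT_TAGS or not is_exported(component):
            continue
        if component.get(ANDROID_NS + "permission") or app_permission:
            continue  # guarded; the permission's protectionLevel is not evaluated here
        name = component.get(ANDROID_NS + "name", "")
        findings.append((component.tag, package + name if name.startswith(".") else name))
    return findings

if __name__ == "__main__":
    print(unguarded_components(SAMPLE_MANIFEST))
```

A component that does declare a permission can still be reachable by any app if that permission is defined with a normal protection level, so flagged and unflagged entries both deserve a manual look.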
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Blackview/BV7000_Pro
Patches
No patches discovered yet.
References
[1] www.kryptowire.com/android-firmware-2019/ (mitre, x_refsource_MISC)