CVE-2019-15423

Vulnerability

The Bluboo Bluboo_S1 Android device (build fingerprint BLUBOO/Bluboo_S1/Bluboo_S1:7.0/NRD90M/1495809471:user/release-keys) includes a pre-installed application with the package name com.mediatek.factorymode (versionCode=1, versionName=1) that exposes functionality to modify wireless settings. Due to a confused deputy design weakness, this capability can be invoked by any third-party application installed on the same device without requiring any special permissions from the calling app [1].

Exploitation

An attacker needs only to have any app co-located on the device (no root access, no user interaction beyond installing the malicious app). The malicious app can directly invoke the factory-mode app's exported components to change Wi‑Fi or other wireless configurations without the user's knowledge or consent [1].

Impact

A successful attack allows the unauthorized modification of wireless settings on the device. This could enable an attacker to redirect network traffic, connect to malicious access points, or degrade wireless connectivity — ultimately compromising the confidentiality and integrity of data transmitted over the device's network connections [1].

Mitigation

No official fix or updated firmware has been identified in the available references. The only effective mitigation is to avoid installing untrusted applications on the device or to remove or disable the com.mediatek.factorymode app if possible via ADB or device management tools [1].