CVE-2019-15430
Description
The Bluboo D3 Pro Android device with a build fingerprint of BLUBOO/Bluboo_D2_Pro/Bluboo_D2_Pro:7.0/NRD90M/1510370501:user/release-keys contains a pre-installed app with a package name of com.qiku.cleaner app (versionCode=2, versionName=2.0.0_VER_32516508295515) that allows other pre-installed apps to perform system properties modification via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A pre-installed app on Bluboo D3 Pro allows other pre-installed apps to modify system properties via an accessible component, enabling privilege escalation.
Vulnerability
The Bluboo D3 Pro Android device (build fingerprint BLUBOO/Bluboo_D2_Pro/Bluboo_D2_Pro:7.0/NRD90M/1510370501:user/release-keys) includes a pre-installed app with package name com.qiku.cleaner (versionCode=2, versionName=2.0.0_VER_32516508295515) that exposes an accessible component. This component allows any other pre-installed app that can obtain signatureOrSystem permissions to perform system properties modification [1].
Exploitation
An attacker needs to have a pre-installed app on the device that can acquire signatureOrSystem permissions. By leveraging the accessible component of the com.qiku.cleaner app, the attacker can modify system properties. The exact steps are not detailed in the reference [1], but the component is accessible to any app with the required privileges.
Impact
Successful exploitation allows a pre-installed app to modify system properties, which could lead to changes in device behavior, potential privilege escalation, or security configuration bypass. The exact impact depends on the properties modified [1].
Mitigation
No official patch or fixed version has been disclosed for the Bluboo D3 Pro. Users may consider disabling or removing the pre-installed app if possible, or relying on vendor updates. The device may be end-of-life. Reference [1] does not provide mitigation details.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Bluboo/D3 Prodescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.kryptowire.com/android-firmware-2019/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.