cvedb.io
CVE-2018-15006
MEDIUM · CVSS 5.5
EPSS exploitation probability: 0%
Published 2018-12-28T21:29:00.997 · Last modified 2026-06-17T01:42:04.363

Summary

The ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contains a pre-installed platform app with a package name of com.android.zte.hiddenmenu (versionCode=23, versionName=6.0.1) that contains an exported broadcast receiver app component named com.android.zte.hiddenmenu.CommandReceiver that is accessible to any app co-located on the device. This app component, when it receives a broadcast intent with a certain action string, will write a non-standard (i.e., not defined in Android Open Source Project (AOSP) code) command to the /cache/recovery/command file to be executed in recovery mode. Once the device boots into recovery mode, it will crash, boot into recovery mode, and crash again. This crash loop will keep repeati

Affected products

zteusa — zte_zmax_champ_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when zteusa ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.