cvedb.io
CVE-2018-6599
MEDIUM · CVSS 5.5
EPSS exploitation probability: 0%
Published 2018-08-29T19:29:01.187 · Last modified 2026-06-17T02:02:04.887

Summary

An issue was discovered on Orbic Wonder Orbic/RC555L/RC555L:7.1.2/N2G47H/329100b:user/release-keys devices, allowing attackers to obtain sensitive information (such as text-message content) by reading a copy of the Android log on the SD card. The system-wide Android logs are not directly available to third-party apps since they tend to contain sensitive data. Third-party apps can read from the log but only the log messages that the app itself has written. Certain apps can leak data to the Android log due to not sanitizing log messages, which is in an insecure programming practice. Pre-installed system apps and apps that are signed with the framework key can read from the system-wide Android log. We found a pre-installed app on the Orbic Wonder that when started via an Intent will write the

Affected products

orbic — wonder_rc555l_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when orbic ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.