How severe is CVE-2018-14985?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.1 out of 10.

What type of vulnerability is CVE-2018-14985?

This is classified as CWE-862, which is a common weakness in software security.

CVE-2018-14985 - HIGH Severity | CVSS 7.1

Vulnerability Description

The Leagoo Z5C Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a pre-installed platform app with a package name of com.android.settings (versionCode=23, versionName=6.0-android.20170630.092853) that contains an exported broadcast receiver that allows any app co-located on the device to programmatically initiate a factory reset. In addition, the app initiating the factory reset does not require any permissions. A factory reset will remove all user data and apps from the device. This will result in the loss of any data that have not been backed up or synced externally. The capability to perform a factory reset is not directly available to third-party apps (those that the user installs themselves with the exception of enabled Mobile Device Management (MDM) apps), although this capability can be obtained by leveraging an unprotected app component of a pre-installed platform app.

Related Vulnerabilities

CVE-2018-15005

HIGH

CVSS:7.1(High)

The ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contains a pre-installed platform app with a package name of com.zte.zdm...

CWE-8622018

CVE-2018-17490

HIGH

CVSS:7.1(High)

EasyLobby Solo is vulnerable to a denial of service. By visiting the kiosk and accessing the task manager, a local attacker could exploit this vulnerability to kill the process or launch new processes...

CWE-8622018

CVE-2019-14822

HIGH

CVSS:7.1(High)

A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server ...

CWE-8622019

CVE-2020-13425

HIGH

CVSS:7.1(High)

TrackR devices through 2020-05-06 allow attackers to trigger the Beep (aka alarm) feature, which will eventually cause a denial of service when battery capacity is exhausted.

CWE-8622020

CVE-2020-36720

HIGH

CVSS:7.1(High)

The Kali Forms plugin for WordPress is vulnerable to Authenticated Options Change in versions up to, and including, 2.1.1. This is due to the update_option lacking proper authentication checks. This m...

CWE-8622020

CVE-2021-41803

HIGH

CVSS:7.1(High)

HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC. Fixed in 1...

CWE-8622021