How severe is CVE-2024-13915?

This vulnerability has a severity rating of MEDIUM with a CVSS score of N/A out of 10.

What type of vulnerability is CVE-2024-13915?

This is classified as CWE-926, which is a common weakness in software security.

CVE-2024-13915 - MEDIUM Severity | CVSS N/A

Vulnerability Description

Android based smartphones from vendors such as Ulefone and Krüger&Matz contain "com.pri.factorytest" application preloaded onto devices during manufacturing process. The application "com.pri.factorytest" (version name: 1.0, version code: 1) exposes a ”com.pri.factorytest.emmc.FactoryResetService“ service allowing any application to perform a factory reset of the device. Application update did not increment the APK version. Instead, it was bundled in OS builds released later than December 2024 (Ulefone) and most probably March 2025 (Krüger&Matz, although the vendor has not confirmed it, so newer releases might be vulnerable as well).

Related Vulnerabilities

CVE-2021-25400

HIGH

CVSS:7.8(High)

Intent redirection vulnerability in Samsung Internet prior to version 14.0.1.20 allows attacker to execute privileged action.

CWE-9262021

CVE-2021-25388

HIGH

CVSS:7.1(High)

Improper caller check vulnerability in Knox Core prior to SMR MAY-2021 Release 1 allows attackers to install arbitrary app.

CWE-9262021

CVE-2024-36437

MEDIUM

CVSS:6.5(Medium)

The com.enflick.android.TextNow (aka TextNow: Call + Text Unlimited) application 24.17.0.2 for Android enables any installed application (with no permissions) to place phone calls without user interac...

CWE-9262024

CVE-2023-44121

MEDIUM

CVSS:6.3(Medium)

The vulnerability is an intent redirection in LG ThinQ Service ("com.lge.lms2") in the "com/lge/lms/things/ui/notification/NotificationManager.java" file. This vulnerability could be exploited by a th...

CWE-9262023

CVE-2021-25397

MEDIUM

CVSS:5.5(Medium)

An improper access control vulnerability in TelephonyUI prior to SMR MAY-2021 Release 1 allows local attackers to write arbitrary files of telephony process via untrusted applications.

CWE-9262021

CVE-2021-25526

MEDIUM

CVSS:5.5(Medium)

Intent redirection vulnerability in Samsung Blockchain Wallet prior to version 1.3.02.8 allows attacker to execute privileged action.

CWE-9262021