CVE-2019-13405

Summary

A broken access control vulnerability found in Advan VD-1 firmware version 230 leads to insecure ADB service. An attacker can send a POST request to cgibin/AdbSetting.cgi to enable ADB without any authentication then take the compromised device as a relay or to install mining software.

Affected Software

VendorProductVersion RangeStatus
AndroVideoAdvan VD-1 firmware230affected

Weaknesses

  • Broken access control

ADP Enrichment

CVE Program Container

Additional References

References