Vulnerability Description
The ZTE sync_agent program for Android 2.3.4 on the Score M device uses a hardcoded ztex1609523 password to control access to commands, which allows remote attackers to gain privileges via a crafted application.
CVSS Score
10.0
HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Android | 2.3.4 | |
| Zte | Score M | - |
Related Weaknesses (CWE)
References
- http://blog.mylookout.com/blog/2012/05/21/zte-security-vulnerability
- http://www.pcmag.com/article2/0%2C2817%2C2404639%2C00.asp
- http://www.reuters.com/article/2012/05/18/us-zte-phone-idUSBRE84H08J20120518
- http://blog.mylookout.com/blog/2012/05/21/zte-security-vulnerability
- http://www.pcmag.com/article2/0%2C2817%2C2404639%2C00.asp
- http://www.reuters.com/article/2012/05/18/us-zte-phone-idUSBRE84H08J20120518
FAQ
What is CVE-2012-2949?
CVE-2012-2949 is a vulnerability with a CVSS score of 10.0 (HIGH). The ZTE sync_agent program for Android 2.3.4 on the Score M device uses a hardcoded ztex1609523 password to control access to commands, which allows remote attackers to gain privileges via a crafted a...
How severe is CVE-2012-2949?
CVE-2012-2949 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-2949?
Check the references section above for vendor advisories and patch information. Affected products include: Google Android, Zte Score M.