Vulnerability Details : CVE-2012-2949
The ZTE sync_agent program for Android 2.3.4 on the Score M device uses a hardcoded ztex1609523 password to control access to commands, which allows remote attackers to gain privileges via a crafted application.
Exploit prediction scoring system (EPSS) score for CVE-2012-2949
Probability of exploitation activity in the next 30 days: 0.36%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 72 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2012-2949
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2012-2949
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-2949
-
http://www.pcmag.com/article2/0,2817,2404639,00.asp
Why Does ZTE's Score M Have a Built-In Backdoor Hole?
-
http://blog.mylookout.com/blog/2012/05/21/zte-security-vulnerability
Invalid URL
-
http://www.reuters.com/article/2012/05/18/us-zte-phone-idUSBRE84H08J20120518
ZTE confirms security hole in U.S. phone - Reuters
Products affected by CVE-2012-2949
- cpe:2.3:h:zte:score_m:-:*:*:*:*:*:*:*