Certain software builds for the TCL 20XE Android device contain a vulnerable, pre-installed app with a package name of com.tct.gcs.hiddenmenuproxy (versionCode=\'2\', versionName=\'v11.0.1.0.0201.0\') that allows local third-party apps to programmatically perform a factory reset due to inadequate access control. No permissions or special privileges are necessary to exploit the vulnerability in the com.tct.gcs.hiddenmenuproxy app. No user interaction is required beyond installing and running a third-party app. The software build fingerprints for each confirmed vulnerable build are as follows: TCL/5087Z_BO/Doha_TMO:11/RP1A.200720.011/PB7I-0:user/release-keys and TCL/5087Z_BO/Doha_TMO:11/RP1A.200720.011/PB83-0:user/release-keys. This malicious app sends a broadcast intent to the exported com.tct.gcs.hiddenmenuproxy/.rtn.FactoryResetReceiver receiver component, which initiates a programmatic factory reset.
Find out more about CVE-2023-38292 from the MITRE-CVE dictionary and NIST NVD
Login may be required to access defects or downloads.
Product Name | Status | Defect | Fixed | Downloads |
---|---|---|---|---|
Linux | ||||
Wind River Linux LTS 17 | Not Vulnerable | -- | -- | -- |
Wind River Linux 8 | Not Vulnerable | -- | -- | -- |
Wind River Linux 9 | Not Vulnerable | -- | -- | -- |
Wind River Linux 7 | Not Vulnerable | -- | -- | -- |
Wind River Linux LTS 21 | Not Vulnerable | -- | -- | -- |
Wind River Linux LTS 22 | Not Vulnerable | -- | -- | -- |
Wind River Linux LTS 18 | Not Vulnerable | -- | -- | -- |
Wind River Linux LTS 19 | Not Vulnerable | -- | -- | -- |
Wind River Linux CD release | N/A | -- | -- | -- |
Wind River Linux 6 | Not Vulnerable | -- | -- | -- |
Wind River Linux LTS 23 | Not Vulnerable | -- | -- | -- |
VxWorks | ||||
VxWorks 7 | Not Vulnerable | -- | -- | -- |
VxWorks 6.9 | Not Vulnerable | -- | -- | -- |
Helix Virtualization Platform Cert Edition | ||||
Helix Virtualization Platform Cert Edition | Not Vulnerable | -- | -- | -- |
Product Name | Status | Defect | Fixed | Downloads |
---|