#VU47633 Permissions, Privileges, and Access Controls in HK1 Box S905X3 TV Box
Published: October 14, 2020
Vulnerability identifier: #VU47633
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: N/A
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
HK1 Box S905X3 TV Box
HK1 Box S905X3 TV Box
Software vendor:
Hindotech, Shenzhen Hindo Technology Co.,Ltd
Hindotech, Shenzhen Hindo Technology Co.,Ltd
Description
The vulnerability allows a local attacker to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions. A local attacker can execute the "/system/xbin/su" binary and execute arbitrary code as root, or steal social networking account tokens, WiFi passwords, cookies, saved passwords, user location data, message history, emails, or contacts, etc.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.