Published: 12/01/2018 Updated: 09/10/2018

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 409

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

The backup mechanism in the adb tool in Android might allow malicious users to inject additional applications (APKs) and execute arbitrary code by leveraging failure to filter application data streams.

Vulnerable Product	Search on Vulmon	Subscribe to Product
google android -

Android ADB backup APK Injection POC

ADB-Backup-APK-Injection Android ADB backup APK injection vulnerability discovered by and POC created by Imre Rad, SEARCH-LAB Ltd, Hungary What is ADB backup/restore? The Android operating system offers a backup/restore mechanism of installed packages through the ADB utility By default, full backup of applications including the private files stored in /data is performed, but

CWE-74 https://github.com/irsl/ADB-Backup-APK-Injection/http://www.securityfocus.com/bid/75705 http://www.search-lab.hu/about-us/news/110-android-adb-backup-apk-injection-vulnerability http://seclists.org/fulldisclosure/2015/Jul/46 http://packetstormsecurity.com/files/132645/ADB-Backup-APK-Injection.html http://www.securityfocus.com/archive/1/535980/100/0/threaded https://nvd.nist.gov https://github.com/irsl/ADB-Backup-APK-Injection

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-7952

Vulnerability Summary

Github Repositories

References

Vulmon Search

About

Products

Connect