Android devices with code from Ragentek contain a privileged binary that performs over-the-air (OTA) update checks. Additionally, there are multiple techniques used to hide the execution of this binary. This behavior could be described as a rootkit. This binary, which resides as /system/bin/debugs, runs with root privileges and does not communicate over an encrypted channel. The binary has been shown to communicate with three hosts via HTTP: oyag[.]lhzbdvm[.]com oyag[.]prugskh[.]net oyag[.]prugskh[.]com Server responses to requests sent by the debugs binary include functionalities to execute arbitrary commands as root, install applications, or update configurations. Examples of a request sent by the client binary: POST /pagt/agent?data={"name":"c_regist","details":{...}} HTTP/1. 1 Host: 114.80.68.223 Connection: Close An example response from the server could be: HTTP/1.1 200 OK {"code": "01", "name": "push_commands", "details": {"server_id": "1" , "title": "Test Command", "comments": "Test", "commands": "touch /tmp/test"}} This binary is reported to be present in the following devices: BLU Studio G BLU Studio G Plus BLU Studio 6.0 HD BLU Studio X BLU Studio X Plus BLU Studio C HD Infinix Hot X507 Infinix Hot 2 X510 Infinix Zero X506 Infinix Zero 2 X509 DOOGEE Voyager 2 DG310 LEAGOO Lead 5 LEAGOO Lead 6 LEAGOO Lead 3i LEAGOO Lead 2S LEAGOO Alfa 6 IKU Colorful K45i Beeline Pro 2 XOLO Cube 5.0

Metrics

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Beeline
  • Pro 2
  • Pro 2 Firmware
Bluproducts
  • Studio 6.0 Hd
  • Studio 6.0 Hd Firmware
  • Studio C Hd
  • Studio C Hd Firmware
  • Studio G
  • Studio G Firmware
  • Studio G Plus
  • Studio G Plus Firmware
  • Studio X
  • Studio X Firmware
  • Studio X Plus
  • Studio X Plus Firmware
Doogee
  • Voyager 2 Dg310i
  • Voyager 2 Dg310i Firmware
Iku-mobile
  • Colorful K45i
  • Colorful K45i Firmware
Infinixauthority
  • Hot 2 X510
  • Hot 2 X510 Firmware
  • Hot X507
  • Hot X507 Firmware
  • Zero 2 X509
  • Zero 2 X509 Firmware
  • Zero X506
  • Zero X506 Firmware
Leagoo
  • Alfa 6
  • Alfa 6 Firmware
  • Lead 2s
  • Lead 2s Firmware
  • Lead 3i
  • Lead 3i Firmware
  • Lead 5
  • Lead 5 Firmware
  • Lead 6
  • Lead 6 Firmware
Xolo
  • Cube 5.0
  • Cube 5.0 Firmware

Configuration 1 [-]

AND
cpe:2.3:o:infinixauthority:hot_x507_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:infinixauthority:hot_x507:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:infinixauthority:hot_2_x510_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:infinixauthority:hot_2_x510:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:infinixauthority:zero_x506_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:infinixauthority:zero_x506:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:infinixauthority:zero_2_x509_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:infinixauthority:zero_2_x509:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:bluproducts:studio_g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:bluproducts:studio_g:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:bluproducts:studio_g_plus_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:bluproducts:studio_g_plus:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:bluproducts:studio_6.0_hd_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:bluproducts:studio_6.0_hd:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:bluproducts:studio_x_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:bluproducts:studio_x:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:bluproducts:studio_x_plus_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:bluproducts:studio_x_plus:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:bluproducts:studio_c_hd_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:bluproducts:studio_c_hd:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:xolo:cube_5.0_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:xolo:cube_5.0:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:beeline:pro_2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:beeline:pro_2:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:iku-mobile:colorful_k45i_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:iku-mobile:colorful_k45i:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
cpe:2.3:o:leagoo:lead_5_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:leagoo:lead_5:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND
cpe:2.3:o:leagoo:lead_6_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:leagoo:lead_6:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND
cpe:2.3:o:leagoo:lead_3i_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:leagoo:lead_3i:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND
cpe:2.3:o:leagoo:lead_2s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:leagoo:lead_2s:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND
cpe:2.3:o:leagoo:alfa_6_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:leagoo:alfa_6:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND
cpe:2.3:o:doogee:voyager_2_dg310i_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:doogee:voyager_2_dg310i:-:*:*:*:*:*:*:*

No data.

References
Link Providers
https://www.bitsighttech.com/blog/ragentek-android-ota-update-mechanism-vulnerable-to-mitm-attack cve-icon cve-icon
https://www.kb.cert.org/vuls/id/624539 cve-icon cve-icon
https://www.securityfocus.com/bid/94393/ cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: certcc

Published: 2018-07-13T20:00:00

Updated: 2024-08-06T01:36:28.064Z

Reserved: 2016-08-03T00:00:00

Link: CVE-2016-6564

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-07-13T20:29:01.050

Modified: 2024-11-21T02:56:21.923

Link: CVE-2016-6564

cve-icon Redhat

No data.