In onReceive of DcTracker.java, there is a possible way to trigger a provisioning URL and modify other telephony settings due to a missing permission check. This could lead to local escalation of privilege during the onboarding flow with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-172459128
Metrics
Affected Vendors & Products
References
History
No history.

Status: PUBLISHED
Assigner: google_android
Published: 2021-03-10T16:02:07
Updated: 2024-08-03T15:40:01.244Z
Reserved: 2020-11-06T00:00:00
Link: CVE-2021-0380

No data.

Status : Modified
Published: 2021-03-10T17:15:13.237
Modified: 2024-11-21T05:42:36.907
Link: CVE-2021-0380

No data.