CVE-2018-15835

HIGH

Android 1.0-9.0 - Insecure Permission Assignment for Critical Resource


Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-15835. PoCs published by Chirantar7004.

AI-analyzed exploit summary: This repository contains a working PoC for CVE-2018-15835, which exploits Android's broadcast intents to leak sensitive WiFi information (BSSID, SSID) without requiring location permissions. The app listens to system broadcasts and logs geolocation data via the Wigle API.

Description

Android 1.0 through 9.0 has Insecure Permissions. The Android bug ID is 77286983.

Exploits (1)

nomisec WORKING POC 2 stars
by Chirantar7004 · poc
https://github.com/Chirantar7004/Android-Passive-Location-Tracker


Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Android OS (versions prior to 9.0)
No auth needed
Prerequisites: Android device with WiFi enabled · Target running Android < 9.0
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Third Party Advisory x_refsource_misc
https://wwws.nightwatchcybersecurity.com/2018/11/11/cve-2018-15835/
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2018/Nov/35

Scores

CVSS v3: 7.5
EPSS: 0.0203
EPSS Percentile: 78.5%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE: CWE-732
Status: published
Products (1): google/android 1.0 - 9.0
Published: Nov 30, 2018
Tracked Since: Feb 18, 2026