CVE-2018-9526

HIGH

Android 9 - Unauthenticated Remote Device Location Disclosure via Improper Configuration

Title source: llm
STIX 2.1

Description

In device configuration data, there is an improperly configured setting. This could lead to remote disclosure of device location. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112159033

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/105847
Patch, Vendor Advisory x_refsource_confirm
https://source.android.com/security/bulletin/pixel/2018-11-01

Scores

CVSS v3 7.5
EPSS 0.0091
EPSS Percentile 55.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (1)
google/android 9.0
Published Nov 14, 2018
Tracked Since Feb 18, 2026