CVE-2019-1994

HIGH

Android <9 - Info Disclosure

Title source: llm

Description

In refresh of DevelopmentTiles.java, there is the possibility of leaving development settings accessible due to an insecure default value. This could lead to unwanted access to development settings, with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-117770924.

References (2)

[Vendor Advisory] https://source.android.com/security/bulletin/2019-02-01

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/106946

Scores

CVSS v3 8.8

EPSS 0.0014

EPSS Percentile 33.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-1188

Status published

Products (3)

google/android 8.0

google/android 8.1

google/android 9.0

Published Feb 28, 2019

Tracked Since Feb 18, 2026