CVE-2019-1994
HIGHAndroid 8.0-9 - Insecure Default Development Settings Access
Title source: llmDescription
In refresh of DevelopmentTiles.java, there is the possibility of leaving development settings accessible due to an insecure default value. This could lead to unwanted access to development settings, with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-117770924.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://source.android.com/security/bulletin/2019-02-01
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/106946
Scores
CVSS v3
8.8
EPSS
0.0101
EPSS Percentile
58.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-1188
Status
published
Products (3)
google/android
8.0
google/android
8.1
google/android
9.0
Published
Feb 28, 2019
Tracked Since
Feb 18, 2026