CVE-2020-11723
MEDIUMCellebrite UFED 5.0-7.29 - Use of Hard-coded Credentials for ADB Authentication
Title source: llmDescription
Cellebrite UFED 5.0 through 7.29 uses four hardcoded RSA private keys to authenticate to the ADB daemon on target devices. Extracted keys can be used to place evidence onto target devices when performing a forensic extraction.
References (2)
Core 2
Core References
Exploit, Vendor Advisory x_refsource_misc
https://www.cellebrite.com/en/productupdates/ufed-and-ufed-infield-7-30-provides-new-support-for-smartphones-with-huawei-kirin-processor/
Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/157217/Cellebrite-UFED-7.29-Hardcoded-ADB-Authentication-Keys.html
Scores
CVSS v3
5.5
EPSS
0.0045
EPSS Percentile
35.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-798
Status
published
Products (1)
cellebrite/ufed_firmware
5.0 - 7.29
Published
Apr 14, 2020
Tracked Since
Feb 18, 2026