CVE-2024-10576

Infinix devices contain a pre-loaded "com.transsion.agingfunction" application, that exposes an unsecured broadcast receiver. An attacker can communicate with the receiver and force the device to perform a factory reset without any Android system permissions. After multiple attempts to contact the vendor we did not receive any answer. We suppose this issue affects all Infinix Mobile devices.

CVSS

No CVSS.

References

Link	Resource
https://cert.pl/en/posts/2024/12/CVE-2024-10576/
https://cert.pl/posts/2024/12/CVE-2024-10576/

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Los dispositivos Infinix contienen una aplicación "com.transsion.agingfunction" precargada que expone un receptor de transmisión no seguro. Un atacante puede comunicarse con el receptor y forzar al dispositivo a realizar un restablecimiento de fábrica sin ningún permiso del sistema Android. Después de varios intentos de contactar al proveedor, no recibimos ninguna respuesta. Suponemos que este problema afecta a todos los dispositivos móviles Infinix.

04 Dec 2024, 12:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-04 12:15

Updated : 2026-04-15 00:35

NVD link : CVE-2024-10576

Mitre link : CVE-2024-10576

CVE.ORG link : CVE-2024-10576

JSON object : View

Products Affected

No product.

CWE

CWE-925

Improper Verification of Intent by Broadcast Receiver

{"id": "CVE-2024-10576", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "cvd@cert.pl", "cvssData": {"Safety": "NEGLIGIBLE", "version": "4.0", "Recovery": "IRRECOVERABLE", "baseScore": 9.4, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "CRITICAL", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:X/R:I/V:D/RE:X/U:Amber", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2024-12-04T12:15:18.463", "references": [{"url": "https://cert.pl/en/posts/2024/12/CVE-2024-10576/", "source": "cvd@cert.pl"}, {"url": "https://cert.pl/posts/2024/12/CVE-2024-10576/", "source": "cvd@cert.pl"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "cvd@cert.pl", "description": [{"lang": "en", "value": "CWE-925"}]}], "descriptions": [{"lang": "en", "value": "Infinix devices contain a pre-loaded \"com.transsion.agingfunction\" application, that\u00a0exposes an unsecured broadcast receiver. An attacker can communicate with the receiver and force the device to perform a factory reset without any Android system permissions.\u00a0\n\nAfter multiple attempts to contact the vendor we did not receive any answer. We suppose this issue affects all Infinix Mobile devices."}, {"lang": "es", "value": "Los dispositivos Infinix contienen una aplicaci\u00f3n \"com.transsion.agingfunction\" precargada que expone un receptor de transmisi\u00f3n no seguro. Un atacante puede comunicarse con el receptor y forzar al dispositivo a realizar un restablecimiento de f\u00e1brica sin ning\u00fan permiso del sistema Android. Despu\u00e9s de varios intentos de contactar al proveedor, no recibimos ninguna respuesta. Suponemos que este problema afecta a todos los dispositivos m\u00f3viles Infinix."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "cvd@cert.pl"}