CVE-2024-10576: Unauthorized factory reset of Infinix devices

9.4 CVSS

Description

Infinix devices contain a pre-loaded "com.transsion.agingfunction" application that exposes an unsecured broadcast receiver. An attacker can communicate with the receiver and force the device to perform a factory reset without any Android system permissions.

After multiple attempts to contact the vendor, we did not receive any answer. We suppose this issue affects all Infinix Mobile devices.

Classification

CVE ID: CVE-2024-10576

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.4

Affected Products

Vendor: Infinix Mobile

Product: com.transsion.agingfunction

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.44% (proportion of vulnerabilities scored less than or equal to this one)

EPSS Date: 2025-02-03 (when this score was calculated)

References

https://cert.pl/en/posts/2024/12/CVE-2024-10576/
https://cert.pl/posts/2024/12/CVE-2024-10576/

Timeline