{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-12T17:43:55.186","vulnerabilities":[{"cve":{"id":"CVE-2024-13915","sourceIdentifier":"cvd@cert.pl","published":"2025-05-30T16:15:35.953","lastModified":"2026-04-15T14:34:27.800","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Android based smartphones from vendors such as Ulefone and Krüger&Matz contain \"com.pri.factorytest\" application preloaded onto devices during manufacturing process.\nThe application \"com.pri.factorytest\" (version name: 1.0, version code: 1) exposes a ”com.pri.factorytest.emmc.FactoryResetService“ service allowing any application to perform a factory reset of the device. \nApplication update did not increment the APK version. Instead, it was bundled in OS builds released later than December 2024 (Ulefone) and April 2025 (Krüger&Matz)."},{"lang":"es","value":"Los smartphones Android de fabricantes como Ulefone and Krüger&amp;Matz contienen la aplicación \"com.pri.factorytest\" preinstalada durante el proceso de fabricación. Esta aplicación (nombre de la versión: 1.0, código de la versión: 1) expone el servicio \"com.pri.factorytest.emmc.FactoryResetService\" que permite a cualquier aplicación restablecer el dispositivo a la configuración de fábrica. La actualización de la aplicación no incrementó la versión del APK. En cambio, se incluyó en compilaciones del sistema operativo publicadas después de diciembre de 2024 (Ulefone) y, muy probablemente, en marzo de 2025 (Krüger&amp;Matz, aunque el fabricante no lo ha confirmado, por lo que las versiones más recientes también podrían ser vulnerables)."}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Secondary","description":[{"lang":"en","value":"CWE-926"}]}],"references":[{"url":"https://cert.pl/en/posts/2025/05/CVE-2024-13915","source":"cvd@cert.pl"}]}}]}