VDB

CVE-2016-6564

CVE-2016-6564 PUBLISHED CVSS 9.300000190734863 CRITICAL

Android devices with code from Ragentek contain a privileged binary that performs over-the-air (OTA) update checks. Additionally, there are multiple techniques used to hide the execution of this binary. This behavior could be described as a rootkit. This binary, which resides as /system/bin/debugs, runs with root privileges and does not communicate over an encrypted channel. The binary has been shown to communicate with three hosts via HTTP: oyag[.]lhzbdvm[.]com oyag[.]prugskh[.]net oyag[.]prugskh[.]com Server responses to requests sent by the debugs binary include functionalities to execute arbitrary commands as root, install applications, or update configurations. Examples of a request sent by the client binary: POST /pagt/agent?data={"name":"c_regist","details":{...}} HTTP/1. 1 Host: 114.80.68.223 Connection: Close An example response from the server could be: HTTP/1.1 200 OK {"code": "01", "name": "push_commands", "details": {"server_id": "1" , "title": "Test Command", "comments": "Test", "commands": "touch /tmp/test"}} This binary is reported to be present in the following devices: BLU Studio G BLU Studio G Plus BLU Studio 6.0 HD BLU Studio X BLU Studio X Plus BLU Studio C HD Infinix Hot X507 Infinix Hot 2 X510 Infinix Zero X506 Infinix Zero 2 X509 DOOGEE Voyager 2 DG310 LEAGOO Lead 5 LEAGOO Lead 6 LEAGOO Lead 3i LEAGOO Lead 2S LEAGOO Alfa 6 IKU Colorful K45i Beeline Pro 2 XOLO Cube 5.0

EPSS 0.34% · 57.1th percentile

Risk Scores

CVSS 2.0
9.300000190734863
EPSS Score
0.34%
57.1th percentile

Affected Products

VendorProductVersions
bluproductsstudio_c_hd_firmware
beelinepro_2_firmware
bluproductsstudio_g_firmware
leagoolead_3i_firmware
leagoolead_5_firmware
infinixauthorityhot_x507_firmware
bluproductsstudio_6.0_hd_firmware
infinixauthorityhot_2_x510_firmware
leagoolead_2s_firmware
infinixauthorityzero_2_x509_firmware
doogeevoyager_2_dg310i_firmware
leagoolead_6_firmware
leagooalfa_6_firmware
bluproductsstudio_g_plus_firmware
iku-mobilecolorful_k45i_firmware
bluproductsstudio_x_firmware
bluproductsstudio_x_plus_firmware
infinixauthorityzero_x506_firmware
xolocube_5.0_firmware
RagentekAndroid softwareN/A

Timeline

  • Nov 17, 2016 CVE Published
  • Feb 4, 2022 EPSS Score
  • Mar 29, 2022 EPSS Score
  • May 20, 2022 EPSS Score
  • Jul 12, 2022 EPSS Score
  • Sep 3, 2022 EPSS Score
  • Dec 18, 2022 EPSS Score
  • Feb 8, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 2, 2023 EPSS Score
  • May 25, 2023 EPSS Score
  • Jul 16, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›