Insecure ADB Service Exploit: Unauthorized Access and Device Compromise

Insecure ADB Service Exploit: Unauthorized Access and Device Compromise

CVE-2019-13405 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

A broken access control vulnerability found in Advan VD-1 firmware version 230 leads to insecure ADB service. An attacker can send a POST request to cgibin/AdbSetting.cgi to enable ADB without any authentication then take the compromised device as a relay or to install mining software.

Learn more about our Web Application Penetration Testing UK.