Approved changes feed: RSS · Atom

cpe:2.3:o:mi:a2_lite_firmware:-:*:*:*:*:*:*:*

part: o version: - update: *

VendorMi (60a5be67-ae7d-588b-8dcf-30a3da19041f)
ProductA2 Lite Firmware (eed299c2-05f4-5c83-ba97-40b71a303b55)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2019-15473 vulnerable 2026-06-08 05:12:57.456110 Details available
The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaomi/jasmine/jasmine_sprout:9/PKQ1.180904.001/V10.0.2.0.PDIMIFJ:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=28, versionName=9) that allows unauthorized microphone audio recording via a confused deputy attack. This capability can be accessed by any app co-located on the device. This app allows a third-party app to use its open interface to record telephone calls to external storage.
Published: 2019-11-14T16:27:50.000Z
Updated: 2024-08-05T00:49:13.510Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-15472 vulnerable 2026-06-08 05:12:57.455760 Details available
The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaomi/daisy/daisy_sprout:9/PKQ1.180917.001/V10.0.3.0.PDLMIXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=28, versionName=9) that allows unauthorized microphone audio recording via a confused deputy attack. This capability can be accessed by any app co-located on the device. This app allows a third-party app to use its open interface to record telephone calls to external storage.
Published: 2019-11-14T16:27:48.000Z
Updated: 2024-08-05T00:49:13.266Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-15468 vulnerable 2026-06-08 05:12:57.450744 Details available
The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaomi/daisy/daisy_sprout:9/PKQ1.180917.001/V10.0.3.0.PDLMIXM:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=QL1715_201812071953) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device.
Published: 2019-11-14T16:27:43.000Z
Updated: 2024-08-05T00:49:13.507Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.