CVE-2024-13915: CWE-926 Improper Export of Android Application Components in Ulefone com.pri.factorytest

Medium
Published: Fri May 30 2025 (05/30/2025, 15:09:58 UTC)
Source: CVE Database V5
Vendor/Project: Ulefone
Product: com.pri.factorytest

Description

Android-based smartphones from vendors such as Ulefone and Krüger&Matz contain the "com.pri.factorytest" application, preloaded onto devices during the manufacturing process. The application "com.pri.factorytest" (version name: 1.0, version code: 1) exposes a "com.pri.factorytest.emmc.FactoryResetService" service, allowing any application to perform a factory reset of the device. The application update did not increment the APK version. Instead, it was bundled in OS builds released later than December 2024 (Ulefone) and April 2025 (Krüger&Matz).

AI-Powered Analysis

Last updated: 07/08/2025, 16:00:07 UTC

Technical Analysis

CVE-2024-13915 is a medium severity vulnerability affecting Android-based smartphones from vendors including Ulefone and Krüger&Matz. The vulnerability resides in a preloaded application named "com.pri.factorytest," specifically in the exposed service component "com.pri.factorytest.emmc.FactoryResetService." This service is improperly exported, allowing any application installed on the device to invoke it without requiring any permissions, user interaction, or authentication. The critical issue is that invoking this service triggers a factory reset of the device, which wipes user data and restores the device to its original factory state. The vulnerability is classified under CWE-926, which relates to improper export of application components, leading to unauthorized access.

Notably, the vulnerable application version is 1.0 (version code 1), and the affected builds were released after December 2024 for Ulefone and April 2025 for Krüger&Matz. The APK version was not incremented during updates, potentially complicating detection and patching. The CVSS v4.0 base score is 6.9, reflecting a medium severity rating. The vector indicates local attack vector (AV:L), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), no confidentiality or availability impact (VC:N, VA:N), but high impact on integrity (VI:H). This means the vulnerability does not leak data or cause denial of service but allows unauthorized modification of device state by factory resetting it.

There are no known exploits in the wild, and no patches or updates have been linked yet. The improper export of a critical service like factory reset poses a significant risk, as malicious applications could disrupt device availability and cause data loss without user consent or awareness.

Potential Impact

For European organizations, this vulnerability poses a risk primarily to employees or users relying on affected Ulefone or Krüger&Matz devices. The factory reset capability can lead to loss of sensitive corporate data stored on the device, disruption of business operations, and potential downtime while devices are restored and reconfigured. Although the attack vector is local, meaning an attacker must have the ability to install or run an application on the device, the lack of required privileges or user interaction lowers the barrier for exploitation. This could be exploited by malicious insiders, or through social engineering to install a malicious app. The impact on confidentiality and availability is indirect but significant due to data loss and operational disruption. For organizations with Bring Your Own Device (BYOD) policies or those issuing these devices to staff, the risk is elevated. Additionally, the inability to detect the updated vulnerable app version easily may delay mitigation efforts. The vulnerability does not directly expose corporate networks but can serve as a stepping stone for further attacks if devices are reset and reconfigured improperly or if attackers use the disruption to mask other malicious activities.

Mitigation Recommendations

Organizations should first identify if any Ulefone or Krüger&Matz devices with the vulnerable "com.pri.factorytest" application are in use. Since no official patches are currently linked, mitigation should focus on limiting exposure. This includes restricting installation of untrusted applications via Mobile Device Management (MDM) solutions, enforcing application whitelisting, and disabling or uninstalling the vulnerable component if possible. Monitoring device logs for unusual factory reset triggers can help detect exploitation attempts. Users should be educated not to install apps from untrusted sources. For devices already deployed, consider isolating them from sensitive corporate resources or using containerization to separate corporate data from device-level resets. Vendors should be engaged to provide timely patches or firmware updates. Additionally, organizations should implement regular backups of mobile device data to minimize impact from forced resets. Network segmentation and endpoint detection can help reduce the risk of malicious app deployment. Finally, reviewing and tightening Android application export settings and permissions in custom device builds can prevent similar vulnerabilities.
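The review of export settings recommended above can be automated. The following is an added example, not code from the vendor or from this database: it audits a manifest that has already been decoded to text and lists exported components that no permission guards. The manifest is constructed for illustration; only the package and `FactoryResetService` names come from the advisory, and every `Hypothetical*` name is an assumption.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")

# Constructed manifest, NOT extracted from the real APK; Hypothetical* names are made up.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.pri.factorytest">
  <application>
    <service android:name=".emmc.FactoryResetService" android:exported="true" />
    <service android:name=".HypotheticalGuardedService" android:exported="true"
        android:permission="android.permission.MASTER_CLEAR" />
    <service android:name=".HypotheticalInternalService" android:exported="false" />
    <receiver android:name=".HypotheticalReceiver">
      <intent-filter><action android:name="com.example.hypothetical.ACTION" /></intent-filter>
    </receiver>
  </application>
</manifest>"""


def is_exported(elem):
    """Explicit android:exported wins; without it, the legacy default treats
    a non-provider component that has an <intent-filter> as exported."""
    flag = elem.get(A + "exported")
    if flag is not None:
        return flag.lower() == "true"
    return elem.tag != "provider" and elem.find("intent-filter") is not None


def unprotected_exports(manifest_xml):
    """List (tag, class name) of exported components that no android:permission
    guards, either on the component itself or on <application>."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    findings = []
    for app in root.iter("application"):
        app_permission = app.get(A + "permission")
        for elem in app:
            if elem.tag not in COMPONENT_TAGS or not is_exported(elem):
                continue
            if elem.get(A + "permission") or app_permission:
                continue
            name = elem.get(A + "name", "")
            if name.startswith(".") or "." not in name:
                name = package + "." + name.lstrip(".")  # resolve relative class name
            findings.append((elem.tag, name))
    return findings

if __name__ == "__main__":
    print(unprotected_exports(SAMPLE_MANIFEST))
```

The check only establishes that some permission is declared; whether that permission's protection level actually keeps third-party apps out has to be reviewed separately. Because the APK version was not incremented, a manifest-level check of this kind distinguishes builds where the version name and code cannot.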

Technical Details

Data Version: 5.1
Assigner Short Name: CERT-PL
Date Reserved: 2025-03-04T13:18:34.018Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 6839ce93182aa0cae2b5b184

Added to database: 5/30/2025, 3:28:19 PM

Last enriched: 7/8/2025, 4:00:07 PM

Last updated: 7/30/2025, 8:48:38 PM
