Ulefone and Krüger&Matz Smartphones Factory Reset Vulnerability in Preloaded Application

Vulnerability

A vulnerability has been identified in a preloaded application called 'com.pri.factorytest' on Android-based smartphones from Ulefone and Krüger&Matz. This application, which includes version 1.0, exposes a service that allows any application to perform a factory reset on the device. The issue arises from improper export of Android application components, enabling unauthorized access to sensitive functions. The vulnerable application was bundled with OS releases after December 2024 for Ulefone and likely in March 2025 for Krüger&Matz, although the latter has not been confirmed.

Impact

Exploitation of this vulnerability allows any application to initiate a factory reset, potentially leading to unauthorized data loss and device reset.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.3

remediation

0.0

relevance

0.1

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.3

remediation

0.0

relevance

0.1

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Ulefone and Krüger&Matz Smartphones Factory Reset Vulnerability in Preloaded Application

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating