CERT Polska has received a report about vulnerability in Infinix Mobile com.transsion.agingfunction software and participated in coordination of its disclosure.
Infinix devices contain a preloaded com.transsion.agingfunction application vulnerable to CVE-2024-10576, that exposes an unsecured broadcast receiver. An attacker can communicate with the receiver and force the device to perform a factory reset without any Android system permissions.
https://cert.pl/en/posts/2024/12/CVE-20 ... ermissions.