Red Magic 11 Pro Nx809J
Monthly
Local privilege escalation in the Red Magic 11 Pro (NX809J) gaming smartphone through firmware V1.0.0B14MR1 allows a non-privileged installed application to invoke a sensitive service interface that fails to validate its callers, letting the app write files to specific device partitions and set writable system properties. Reported by ZTE/Nubia through their own support bulletin, the issue is rated CVSS 8.8 with a scope change (S:C) reflecting the crossing of the app-sandbox privilege boundary into system context. There is no public exploit identified at time of analysis, EPSS is negligible (0.01%), and CISA SSVC records exploitation status as none.
Local privilege escalation in the Red Magic 11 Pro (NX809J) gaming smartphone through firmware V1.0.0B14MR1 allows a non-privileged installed application to invoke a sensitive service interface that fails to validate its callers, letting the app write files to specific device partitions and set writable system properties. Reported by ZTE/Nubia through their own support bulletin, the issue is rated CVSS 8.8 with a scope change (S:C) reflecting the crossing of the app-sandbox privilege boundary into system context. There is no public exploit identified at time of analysis, EPSS is negligible (0.01%), and CISA SSVC records exploitation status as none.