Silent Pairing Vulnerability in Android TV Allows Remote Code Execution

Silent Pairing Vulnerability in Android TV Allows Remote Code Execution

CVE-2021-0889 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

In Android TV , there is a possible silent pairing due to lack of rate limiting in the pairing flow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-8.1 Android-9Android ID: A-180745296

Learn more about our Cis Benchmark Audit For Google Android.