Abstract Advisory Information
By using the embedded Google Chrome application, it is possible to install downloaded APK
Author: Valentin Giannini & Alexandre Guldner
Version affected
Name: Zebra Enterprise Home Screen
Versions: 4.1.19
Common Vulnerability Scoring System
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Patch
none
References
Vulnerability Disclosure Timeline
- 12/05/2022: Vulnerability discovery.
- 12/05/2022: Vulnerability Report to CERT-XLM.
- 13/05/2022: Vulnerability Report to Vendor through Bug bounty platform.
- 16/05/2022: Acknowledge from the vendor regarding 1st vulnerability.
- 24/06/2022: Vulnerability Report to Zebra Tech Support EMEA.
- 27/06/2022: Acknowledge from Zebra Tech Support EMEA.
- 08/07/2022: Update asked to vendor.
- 08/07/2022: Acknowledge from the vendor but the same answer.
- 22/07/2022: Request CVE ID to Mitre.
- 25/07/2022: CVE IDs assigned: CVE-2022-36442
- 05/08/2022: Second acknowledge from vendor with ticket number: 12763250
- 12/08/2022: Vendor claimed vulnerabilities are not worth fixing.
- 30/11/2022: Vulnerability disclosure