These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2016-10139 was published on 2017-01-13 and later modified on 2026-05-13 in the NVD record. The issue affects Adups software on BLU R1 HD devices, where a component declares android:sharedUserId="android.uid.system" and therefore runs as the highly privileged system user. That privilege level enables access to call logs, text messages, and device identifiers through an internal provider, with backgroun [truncated]
CVE-2016-10138 describes a high-impact Android privilege issue in Adups FOTA software on BLU Advance 5.0 and BLU R1 HD devices. The com.adups.fota.sysoper app is installed as a system app, runs with the system user, and exposes an exported broadcast receiver that any on-device app can interact with. That design allows commands embedded in an intent to be executed with system-level privileges. The issue is [truncated]
CVE-2016-10137 describes a local Android security issue in Adups FOTA software used on BLU R1 HD devices. The affected package, com.adups.fota.sysoper, includes a content provider named com.adups.fota.sysoper.provider.InfoProvider and is configured to run as the Android system user. According to the CVE record and NVD summary, this can allow another app already on the device to read, write, and delete fil [truncated]
CVE-2016-10136 is a local Android privilege and data exposure issue in Adups FOTA software seen on BLU R1 HD devices with Shanghai Adups software. NVD describes a content provider in com.adups.fota.sysoper that allows any app on the device to read, write, and delete files as the system user. That can expose sensitive data and let an attacker alter system-owned settings, including notification-listener con [truncated]